TL;DR
- Radiant Capital suffered an attack resulting in the loss of over $50 million due to flaws in its multisig configuration.
- The multisig required only three out of eleven signatures to authorize a transaction, making it easier to take control of the funds.
- Radiant is working with security firms to track down the attackers and recover the stolen funds.
Radiant Capital, a decentralized finance (DeFi) platform, has been the victim of an attack that resulted in the loss of over $50 million.
The incident affected its markets on the Binance Smart Chain (BSC) and Arbitrum networks, exposing flaws in the security of its smart contracts. The exploited vulnerability allowed attackers to gain access to the platform’s multisignature (multisig) wallet, a mechanism that should, in theory, have guaranteed transaction security.
We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum. We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon as possible. Markets on Base and Mainnet are paused until further notice.
— Radiant Capital (@RDNTCapital) October 16, 2024
The attack was made possible due to a deficient configuration in the multisig system, which required only three out of eleven signatures to authorize transactions. This low threshold allowed hackers to gather the minimum number of signatures needed to take control of the funds and carry out the theft. Among the stolen assets were high-value cryptocurrencies such as USDT, USDC, and ARB tokens, sparking a strong reaction within the crypto community.
Radiant Capital Exposed by Weak Security
The news has triggered a wave of criticism toward the platform, particularly regarding the choice of security measures. The multisig configuration used has been widely questioned, as platforms handling large amounts of assets should, according to experts, implement more stringent measures. This vulnerability has called into question the platform’s integrity.
4/ thanks for the update from replies. Seems like Arbitrum contract was hacked, too: https://t.co/E7kLLavJ7C
The total lost is > $50M now.
— Ancilia, Inc. (@AnciliaInc) October 16, 2024
Following the attack, Radiant Capital urged its users to take preventive measures, recommending the revocation of permissions granted to its smart contracts through platforms like Revoke.cash, which helps identify potential risks in accounts linked to DeFi contracts. The platform also reported that it is cooperating with specialized security firms, such as SEAL911 and Chainalysis, in an effort to track down the attackers and recover the stolen funds. So far, the attackers’ identities remain unknown.
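The following added example, which is not code from Radiant Capital or Revoke.cash, shows one way to find token approvals that are still open by replaying ERC-20 Approval event logs for a wallet. Every address and log entry in it is a constructed placeholder, and the function names are hypothetical.

```python
# Added example: replay ERC-20 Approval logs to list allowances still open.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1  # the "infinite approval" value many dApps request

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, owner, watched_spenders):
    """Return {(token, spender): amount} for non-zero allowances the owner
    granted to a watched spender, using the latest Approval per pair."""
    owner = owner.lower()
    watched = {s.lower() for s in watched_spenders}
    latest = {}
    ordered = sorted(logs, key=lambda e: (int(e["blockNumber"], 16), int(e["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        # ERC-20 Approval has 3 topics; ERC-721 Approval has 4 (indexed tokenId).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        spender = topic_to_address(topics[2])
        if spender in watched:
            latest[(log["address"].lower(), spender)] = int(log["data"], 16)
    return {pair: amount for pair, amount in latest.items() if amount > 0}

# --- Constructed sample data (placeholder addresses, not real contracts) ---
def _pad(addr):
    return "0x" + "0" * 24 + addr[2:]

def _log(token, owner, spender, amount, block, index):
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(index),
            "topics": [APPROVAL_TOPIC, _pad(owner), _pad(spender)],
            "data": "0x" + format(amount, "064x")}

OWNER = "0x" + "aa" * 20
POOL = "0x" + "bb" * 20    # stand-in for a lending contract whose access is being revoked
OTHER = "0x" + "cc" * 20   # unrelated spender
TOKEN_A = "0x" + "11" * 20
TOKEN_B = "0x" + "22" * 20
SAMPLE_LOGS = [            # deliberately out of chain order
    _log(TOKEN_B, OWNER, POOL, 0, 140, 1),          # later revocation of TOKEN_B
    _log(TOKEN_A, OWNER, POOL, UNLIMITED, 100, 0),  # unlimited approval, never revoked
    _log(TOKEN_B, OWNER, POOL, 5000, 101, 2),
    _log(TOKEN_A, OWNER, OTHER, 10, 150, 0),
]
if __name__ == "__main__":
    print(open_allowances(SAMPLE_LOGS, OWNER, [POOL]))
```

Because a token's transferFrom can reduce an allowance without emitting an Approval event, treat the result as a list of candidates and confirm each one with the token's allowance(owner, spender) call.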
This hack has reignited the debate over the need to strengthen security within the DeFi ecosystem. The speed with which the attackers exploited the vulnerabilities highlights the importance of having more robust security protocols in place.