Credit protocol Radiant Capital lost $4.5 million in hack

Brother

Brother

Professional
Messages
2,590
Reaction score
485
Points
83
Cross-chain decentralized lending protocol Radiant Capital has confirmed the hack of a new liquidity pool based on the Arbitrum network. Hackers managed to withdraw 1,900 ETH (about $4.5 million).

According to blockchain security company PeckShield, attackers took advantage of a known vulnerability that occurs during the launch of liquidity pools. Radiant Capital has now suspended lending operations in pools on Arbitrum and is conducting an investigation. The hack itself occurred 6 seconds after the launch of a new lending market using the USDC stablecoin.

“The root cause is not new: attackers took advantage of the short time window that occurs when a new lending market is launched,” PeckShield representatives write.

Radiant developers confirmed that the incident “occurred due to an issue with the recently launched Arbitrum-based USDC market.” After investigating the incident, the project will provide a detailed report. At the same time, the developers emphasized that at the moment the funds of users of all other pools are safe, and full operation of the protocol will resume after the investigation of the hack.

It should be noted that 116 cryptocurrency projects closed last year. Some of them collapsed after hacker attacks.
 
Radiant Capital Hacked for Over $50M

Binance Labs-backed Radiant Capital lending protocol has been hacked for over $50 million.

The hacker obtained the private keys of three of the 11 signatures and modified the smart contracts.

The Radiant Capital lending protocol has been hacked on the BNB Chain and Arbitrum networks. The team has called for the affected contracts to be revoked using the Revoke service.

Please revoke access to the following contracts on https://t.co/JqPsJBBfNS.

0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1 0x30798cFe2CCa822321ceed7e6085e633aAbC492F 0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281 0 xA950974f64aA33f27F6C5e017eEE93BF7588ED07 https://t.co/x4l7J8UVeT — Radiant Capital (@RDNTCapital) October 16, 2024
https://twitter.com/x/status/1846673545973432333
Click to expand...

The total loss has exceeded $50 million, according to Ancilia data.

4/ thanks for the update from replies. Seems like the Arbitrum contract was hacked, too:https://t.co/E7kLLavJ7C
The total lost is > $50M now.
— Ancilia, Inc. (@AnciliaInc) October 16, 2024
https://twitter.com/x/status/1846618258163761551
Click to expand...

“We have noticed multiple transfers from user accounts using transferFrom via contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281. Please revoke permissions ASAP. It appears that the new implementation had vulnerable functions,” Ancilia experts noted.

The transferFrom exploit uses a smart contract function to allow one account to send a certain amount of tokens from the victim’s account to a third wallet. Typically, this requires the victim to grant permission to interact with the fake address.

According to Ancilia, the backdoor contract was deployed at approximately 20:09 Kyiv/MSK on October 16.

You were supposed to fight evil

Ancilia accidentally shared a tool for stealing funds from cryptocurrency wallets in an attempt to help users.

In a now-deleted tweet, the company posted a fraudulent link from a fake Radiant account, as noted by a user with the nickname Spreek.

For fuck's sake, if you are a 'trusted' security account, you need to absolutely make sure to never do this pic.twitter.com/2jrpN7P00L
— Spreek (@spreekaway) October 16, 2024
https://twitter.com/x/status/1846637474467975648
Click to expand...

Ancilia asked users to revoke permissions by "following a link in an official message". In reality, it led to a tool for stealing funds.

3 out of 11 signatures hacked

Cybersecurity firm De.Fi reports losses of over $58 million

~$58,000,000 Exploit Alert

Radiant Capital contracts were exploited on BSC & ARB chains with the 'transferFrom' function, which allowed to drain users' funds, namely $USDC $WBNB $ETH and others

Revoke approvals ASAP
0xd50cf00b6e600dd036ba8ef475677d816d6c4281 pic.twitter.com/oUHyshwEmL
— De.Fi Antivirus Web3 (@De_FiSecurity) October 16, 2024
https://twitter.com/x/status/1846624940440572405
Click to expand...

Radiant is controlled by a multi-signature wallet with 11 signatories. The attacker was apparently able to obtain the private keys of three of them. This was enough to update the platform's smart contracts, De.Fi emphasized.

Unfortunately, yes.

However, this time, the nature of the hack is different — as in the first time, it was hacked via a flash loan; and now due to the fact that the hacker managed to get access to 3 signers — thus managed to transfer ownership and upgrade the contracts
— De.Fi Antivirus Web3 (@De_FiSecurity) October 16, 2024
https://twitter.com/x/status/1846629116289659386
Click to expand...

Binance Support

In July 2023, the venture arm of the largest crypto exchange Binance invested $10 million in Radiant. The project was also launched on Binance Launchpool.

Reports of the platform hack led to a drop in the RDNT token rate — over the past 24 hours, it has lost 10%.

Radiant is a cross-chain protocol that offers the ability to borrow and lend cryptocurrency. In January, it lost $4.5 million as a result of an attack.

fcc4d6779f.png
 
You must log in or register to reply here.

Similar threads

Man
Radiant Capital Hack: Hackers Stole Over $50 Million
Replies
0
Views
143
Man
Man
Man
Polter Finance Goes Out of Operations After $12 Million Hack
Replies
0
Views
120
Man
Man
Friend
Leak of the private key of the crypto broker DeltaPrime led to the loss of $6 million
Replies
2
Views
167
Man
Man
Carding Forum
DeFi Dough Finance lost $1.8 million due to an instant loan attack
Replies
0
Views
85
Carding Forum
Carding Forum
Carding Forum
White hackers are ready to return $7.6 million worth of stablecoins to the DeFi Rho Markets protocol
Replies
0
Views
92
Carding Forum
Carding Forum
Back
Top