Man
Professional
- Messages
- 3,108
- Reaction score
- 670
- Points
- 113
Vulnerable contracts on Arbitrum and BSC have been in the spotlight.
On October 16, 2024, decentralized finance protocol Radiant Capital fell victim to a major cyberattack that resulted in the theft of over $50 million. In response to the incident, the platform suspended its lending markets and urged users to revoke access to compromised smart contracts.
Reports of a compromise of Radiant's security surfaced late on Wednesday. DeFi security experts reported that the smart contracts of the platform, which runs on Arbitrum and BSC, have been modified to allow users to withdraw funds.
To carry out the attack, the attacker needed to gain access to at least three of the 11 multi-sigs used to manage Radiant contracts. The identities of key holders remain confidential for security purposes.
The attack began with a transaction on BSC that involved withdrawing $303,000 in USDC, $451,000 in BUSDT, 160 BTCB, 220.6 wBETH, 8469 wBNB, and 470.4 ETH. These assets have been withdrawn from Radiant pools.
The platform works with contracts on Ethereum, Base, Arbitrum, and BSC, but only contracts on Arbitrum and BSC were affected by the hack.
Notably, the current incident was the second time Radiant Capital was hacked in a year. In January, hackers took advantage of a vulnerability in smart contracts and stole $4.5 million worth of crypto assets. Then the attackers manipulated the collateral of loans and liquidated assets before implementing security updates.
In connection with the latest attack, the management of Radiant Capital urged users to immediately revoke permissions on compromised contracts. The platform's team distributed a corresponding warning through social networks.
Source
On October 16, 2024, decentralized finance protocol Radiant Capital fell victim to a major cyberattack that resulted in the theft of over $50 million. In response to the incident, the platform suspended its lending markets and urged users to revoke access to compromised smart contracts.
Reports of a compromise of Radiant's security surfaced late on Wednesday. DeFi security experts reported that the smart contracts of the platform, which runs on Arbitrum and BSC, have been modified to allow users to withdraw funds.
To carry out the attack, the attacker needed to gain access to at least three of the 11 multi-sigs used to manage Radiant contracts. The identities of key holders remain confidential for security purposes.
The attack began with a transaction on BSC that involved withdrawing $303,000 in USDC, $451,000 in BUSDT, 160 BTCB, 220.6 wBETH, 8469 wBNB, and 470.4 ETH. These assets have been withdrawn from Radiant pools.
The platform works with contracts on Ethereum, Base, Arbitrum, and BSC, but only contracts on Arbitrum and BSC were affected by the hack.
Notably, the current incident was the second time Radiant Capital was hacked in a year. In January, hackers took advantage of a vulnerability in smart contracts and stole $4.5 million worth of crypto assets. Then the attackers manipulated the collateral of loans and liquidated assets before implementing security updates.
In connection with the latest attack, the management of Radiant Capital urged users to immediately revoke permissions on compromised contracts. The platform's team distributed a corresponding warning through social networks.
Source
