Radiant Capital, a Binance-backed blockchain protocol specializing in cross-chain lending, has fallen victim to a major cyberattack, with hackers stealing more than $50 million in various cryptocurrencies. The breach occurred on Wednesday, as reported by the Web3 security firm De.Fi Antivirus.
The attackers gained control of three out of the eleven private keys necessary for protocol upgrades, which enabled them to modify smart contracts on both the Arbitrum and Binance Smart Chain (BSC) networks. Utilizing an exploit known as "transferFrom," the hackers were able to transfer tokens directly from user accounts into their own wallets, facilitating the theft of assets including USDC, ETH, and BNB.
According to Lookonchain, the hacker converted the stolen assets into approximately 12,835 ETH, valued at $33.6 million, and 32,113 BNB, worth around $19.4 million.
Following the discovery of the breach, Radiant Capital promptly suspended its lending operations on both the BNB Chain and Arbitrum to prevent any further unauthorized transfers. The protocol's team is actively collaborating with cybersecurity firms such as SEAL911, Hypernative, ZeroShadow, and Chainalysis to investigate the incident and mitigate the damage. They assured users that updates regarding the situation will be provided soon, while markets on Base and Mainnet remain paused until further notice.
This incident marks Radiant Capital's second hack in 2024. Earlier this year, the protocol suffered a separate exploit in January, resulting in a loss of $4.5 million due to a smart contract flaw. De.Fi Antivirus notes that this recent attack differs from the earlier incident, which involved a flash loan exploit. In this case, the hacker gained access to three signers, enabling them to transfer ownership and perform contract upgrades.
The hacking of Radiant Capital comes amid a worrying trend in the cryptocurrency sector. In September 2024 alone, attackers stole over $120 million through targeted hacks across multiple platforms. Data from PeckShield revealed more than 20 incidents impacting both centralized and decentralized systems, with the largest losses occurring at BingX, Penpie, and Indodax, amounting to over $90 million in combined damages.
As the crypto space continues to grapple with security vulnerabilities, the need for robust safeguards and constant vigilance becomes ever more crucial for platforms and users alike.
October 2024, Cryptoniteuae