Hackers Exploit Private Key Compromise, Drain Radiant Capital of Over $50 million
The hackers exploited private keys to alter smart contracts on Arbitrum and Binance Smart Chain.
Radiant Capital, a prominent Binance-backed blockchain protocol known for its cross-chain lending services, for the second time this year has suffered a significant hack losing over $51 million to hackers.
The hackers exploited private keys to alter smart contracts on Arbitrum and Binance Smart Chain. At the time of writing, the hacker has more than $32 million in Arbitrum-based assets and around $18 million in tokens on the BNB Chain.
How The Hack Occurred
The attack which began on Wednesday afternoon at about 17:09 UTC, allowed the hacker to access user accounts and start transferring tokens from the Radiant’s Ethereum Layer 2 service before later spreading to the BNB Chain.
Cyvers Alert, a cyber security platform, reported the hack on its X page, saying:
“🚨ALERT🚨
Our system has detected suspicious transactions involving @RDNTCapital on multiple chains.
It appears that the platform has suffered a private key compromise, leading to an ongoing attack. A malicious actor gained control of multi-sig wallets and has already drained over $50 million in user assets.”
Furthermore, users were advised to avoid interacting with the protocol and to revoke any previously granted data approvals until the situation was resolved.
Other cyber security experts explained that the attackers appear to have been able to access Radiant Capital’s blockchain contracts by gaining control of three out of 11 private keys needed to upgrade the protocol. Following the attack, the hacker reportedly used a ‘transferFrom’ function, to move tokens directly from user accounts into their own.
Radiant Capital Response
Following the security breach, Radiant Capital announced on its X page that it had temporarily suspended lending operations. The company also revealed that it had enlisted leading cybersecurity firms, including Chainalysis, SEAL911, Hypernative, and ZeroShadow, to investigate the incident and work towards recovering the stolen assets.
While the team assured users that updates would be forthcoming, there is still widespread concern among the platform’s community about the security of their assets.
Moreover, this is not the first time Radiant Capital has been breached this year. In January, Radiant lost $4.5 million in an unrelated hack stemming from a bug in its smart contracts.
Notably, this year has seen major hacks and breaches across the DeFi space. BingX, and Indodax, together account for over $68 million in recent losses. This alarming trend underscores the growing need for enhanced security measures in the DeFi space as it continues to expand.
The largest breaches impacted This alarming trend underscores the growing need for enhanced security measures in the DeFi space as it continues to expand.