On October 16, the Radiant Capital lending protocol experienced its second cyberattack of the year, resulting in a loss of over $50 million. According to data from De.Fi Antivirus Web3, the project's contracts were exploited
Malicious code that exploits vulnerabilities in software security to propagate cyber threats. on the Binance Smart Chain (BSC) and Arbitrum (ARB) chains using the transferFrom() function, allowing the attackers to drain users' funds, including USDC, WBNB, ETH, and others.
As reported by analysts at QuillAudits, the losses from the hack amount to $58 million. The perpetrators managed to gain control of the platform's contracts by obtaining three out of eleven private keys for a multisig wallet (where the signatures of all owners are required for a decision). They then used this information to change the owner of the LendingPoolAddressesProvider smart contract. Following this, the hackers replaced the original lending pool smart contract with their own, which contained a backdoorA defect intentionally embedded in the algorithm by the developer that allows unauthorized access., enabling them to access users' funds using the transferFrom() functionThe transferFrom() function transfers tokens from the owner's account to the recipient's account, but only if the transaction initiator has sufficient allowance previously approved by the owner to the initiator..
The Radiant Capital team requested the revocation of access to the following contracts on the revoke.cash website:
- 0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1
- 0x30798cFe2CCa822321ceed7e6085e633aAbC492F
- 0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281
- 0xA950974f64aA33f27F6C5e017eEE93BF7588ED07
In this situation, some affected users may have lost funds twice. The reason is that the Web3 cybersecurity service provider Ancilia, which is also handling this incident, mistakenly shared a scam link from a fake Radiant account in their publication. This link contained a crypto-drainer, a type of malware designed to quickly and automatically siphon funds from legitimate crypto wallets to the attackers' wallets.
In their message, Ancilia asked users to revoke permissions and provided a link from their publication to do so. However, the link led to the drainer instead.
“We accidentally reposted a fraudulent link, and we apologize. The post has been removed,” the cybersecurity specialists modestly stated.
The first breach of Radiant Capital in 2024 occurred in January, with a loss of $4.5 million due to vulnerabilities in the smart contracts.
Radiant Capital (RDNT) is a decentralized finance (DeFi) platform for loans, borrowing, and cryptocurrency exchange across various blockchain networks. It operates on two popular networks—Arbitrum and BNB Smart Chain—and employs advanced technologies for faster and more secure data exchanges between blockchains.
Comments (0)
There are no comments for now