Radiant Capital, a blockchain protocol backed by Binance, experienced a devastating hack on Wednesday, resulting in the theft of over $50 million. The attackers were able to gain control of three out of eleven private keys required for protocol upgrades, allowing them to modify smart contracts on both the Arbitrum and Binance Smart Chain networks. Various cryptocurrencies, including USDC, ETH, and BNB, were stolen using an exploit known as ‘transferFrom,’ enabling the direct transfer of tokens from user accounts to the attackers. Lookonchain reported that the stolen assets were converted into 12,835 ETH and 32,113 BNB, totaling $33.6 million and $19.4 million respectively.
Following the cyberattack, Radiant Capital suspended its lending operations on the Binance Smart Chain and Arbitrum to prevent further unauthorized transfers. The team is currently working with various organizations, including SEAL911, Hypernative, ZeroShadow, and Chainalysis, to address the breach and provide updates on the situation. Trading on Base and Mainnet has been paused until further notice to assess the damage and implement necessary security measures. This is not the first security breach for Radiant Capital, as the protocol had previously experienced a $4.5 million exploit in January due to a smart contract flaw.
The recent attack on Radiant Capital marks the second security breach the protocol has faced this year. De.Fi Antivirus noted that this breach differed from the previous one, which involved a flash loan exploit, as the attackers this time gained access to three signers, allowing them to transfer ownership and conduct contract upgrades. In September 2024, the crypto industry saw a wave of targeted hacks on various platforms, resulting in over $120 million in losses. PeckShield data revealed more than 20 incidents that impacted both centralized and decentralized systems, with the most significant losses occurring on platforms like BingX, Penpie, and Indodax, totaling over $90 million in damages.
The hackers behind the Radiant Capital breach were able to exploit the ‘transferFrom’ function in the smart contracts, allowing them to drain users’ funds directly into their own wallets. The stolen assets, including USDC, WBNB, ETH, and others, were utilized to obtain 12,835 ETH and 32,113 BNB. In response to the attack, Radiant Capital has taken swift action by suspending lending operations on both the Binance Smart Chain and Arbitrum networks to prevent further unauthorized transfers. The team is collaborating with security firms and blockchain analytics companies to address the breach and provide updates on the situation.
The frequency of cyberattacks in the crypto industry has raised concerns about the security measures in place to protect users’ funds and assets. The rise in targeted hacks on platforms like Radiant Capital, BingX, and Indodax highlights the need for stronger security protocols and continuous monitoring of smart contracts to prevent unauthorized access and exploitation. The continuous efforts of the crypto community, security firms, and protocols like Radiant Capital to enhance security measures and address vulnerabilities are crucial in safeguarding the assets and trust of users in the decentralized ecosystem. With the ongoing threats of cyberattacks, the industry must remain vigilant and proactive in minimizing risks and ensuring the protection of users’ investments.
