Radiant Capital, a decentralized finance (DeFi) lender, reported a significant security breach across multiple blockchain networks, resulting in substantial financial losses.
DeFi lender Radiant Capital suffered a multi-chain attack on Wednesday, with attackers exploiting vulnerabilities in Radiant’s blockchain contracts on the Binance Smart Chain (BSC) and Arbitrum platforms.
This enabled them to siphon off digital assets, including USD Coin (USDC), Wrapped BNB (WBNB), and Ethereum (ETH), amounting to over $50 million.
According to a recent report by web3 security startup Ancilia, the attack entailed exploiting the ‘transferFrom’ function in the blockchain contracts. Through this vulnerability, the attackers were able to perform unauthorized transactions from users' accounts, leading to the direct theft of USDC, WBNB, and ETH from Radiant’s liquidity pools.
The firm, however, stated that the exploitation of this function could have been prevented by implementing more security measures, such as regular audits of contract changes.
Furthermore, it was revealed that out of the eleven private keys used for protecting and enhancing the Radiant protocols, three had been compromised. Security experts are now investigating how the keys were obtained, speculating either a phishing attack on key holders or a compromised interface.
In response to the breach, all lending operations on the Binance Chain and Arbitrum markets initiated by Radiant Capital have been suspended. The organization has also partnered with blockchain security companies SEAL911 and Hypernative to address the issues and prevent future cases.
Radiant has called on its users to delete suspicious approvals on their profiles and has temporarily suspended new transactions.
“We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum. We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon as possible. Markets on Base and Mainnet are paused until further notice.”
The community response has been one of concern, especially since several similar incidents have occurred in the DeFi sector over the past few months. The loss at Radiant Capital raises questions about the effectiveness of existing measures to protect user’s assets.
Moreover, experts highlight that multi-signature wallets, like the ones used by Radiant Capital, require real-time monitoring to prevent unauthorized access. This underscores the need for higher levels of security to protect against such losses, especially considering the growing regulatory attention towards the increasing crypto hacks.
In related news, US prosecutors have proposed a 5-year imprisonment for Ilya Lichtenstein, following his role in planning the 2016 hack of the Bitfinex exchange, where $6 billion was stolen. Lichtenstein pleaded guilty to charges of money laundering, with his wife, Heather Morgan, facing an 18-month imprisonment for her involvement in the scheme.
The above is the detailed content of USDC, WBNB, ETH Vanish in $50M Radiant Capital Cyberattack. For more information, please follow other related articles on the PHP Chinese website!