Radiant Capital’s $50M Breach Among ‘Most Sophisticated Hacks’ in DeFi History
The DeFi project claimed that hackers compromised the hardware wallets of its
long-term developers and injected malware.
By Will McCurdy
Oct 18, 2024
3 min read
Hackers. Image: Shutterstock
Decentralized finance (DeFi) project Radiant Capital has claimed that groups
analyzing its breach earlier this week “believe this was one of the most
sophisticated hacks ever recorded in DeFi” and that “many protocols are at
risk”.
Radiant and Web3 auditor Hacken estimated the approximate scale of the theft
at $50 million, and it’s thought that USDT, USDC, and ARB tokens were
stolen.
Multiple pools have been fully drained, including:
- USDC
- USDT
- wbETH
- bBTC
- wBNB
- WETH
- WBTC
- ARB
- wstETH
— Hacken🇺🇦 (@hackenclub) October 16, 2024
This sum includes at least $16 million drained from a Radiant smart contract
on BNB Chain, as well as funds stolen from some of Radiant’s trading pools
on the Ethereum layer-2 network Arbitrum, according to Hacken.
Radiant’s platform aims to provide liquidity across different blockchain
protocols and allows users to deposit collateral and borrow assets.
Inside the hack
In a blog explaining the attack, Radiant claimed hackers successfully
compromised at least three developers’ hardware wallets, though they were not
able to say the exact number.
Radiant claims the hackers then used malware to “manipulate transaction data
at the device level” and used “poisoned signatures” that looked legitimate to
the signers authorizing the transaction.
The hackers allegedly used the compromised wallets to then carry out three
multi-signature approvals to move crypto to wallets they controlled.
Radiant clarified that the impacted developers had all been “long-standing,
trusted contributors” to its DAO.
Radiant claims the attack used a “sophisticated method” where Radiant
developers, who were using popular Ethereum multisig wallet Safe{Wallet} for
transaction verification, were presented with transactions that looked
legitimate.
The project said hackers were able to get past multiple layers of
verification, including full-stack Web3 interface Tenderly and other auditing
tools.
Radiant Capital says it is working with U.S. law enforcement and Web3
cybersecurity firm ZeroShadow to freeze the stolen assets and recover the
funds.
The project said it is taking numerous steps to prevent future breaches, such
as requiring that its contributors double-confirm transaction data for every
transaction using analytics platform Etherscan.
In addition, contract upgrades and ownership transfers will now be subject to
a minimum 72-hour delay, to give developers enough time to review and verify
changes.
Though Radiant’s recent disaster may allegedly be one of the most
sophisticated hacks in DeFi history, it's by no means the largest.
In May 2022, the Ronin Network, associated with the play-to-earn game Axie
Infinity, suffered a $625 million loss at the hands of hackers.