Radiant Capital’s lending protocol on BNB Chain and Arbitrum was hacked, with $50–58 million stolen by exploiting a vulnerability in the ‘transferFrom’ function.
The cross-chain lending protocol experienced a cybersecurity compromise on BNB Chain and Arbitrum that was estimated to be worth more than fifty million dollars, according to Radiant Capital and two cybersecurity experts. As a result, Radiant Capital ceased its lending operations.
In a post that was published on the X platform on October 16th, the cybersecurity company De.Fi Antivirus stated that “Radiant Capital contracts were exploited on BSC & ARB chains with the ‘transferFrom’ function, which allowed to drain users’ funds, specifically $USDC, $WBNB, $ETH, and others”.
According to another post on X, De.Fi reported that the exploit caused losses of approximately $58 million. These figures are similar to those estimated by Ancilia Inc., a different cybersecurity company, which estimated losses of approximately $50 million.In a post on X, Radiant stated, “We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum”.
We will provide an update as soon as possible. We are now working with SEAL911, Hypernative, ZeroShadow, and Chainalysis. Radiant has halted the markets on Base and Mainnet until they receive more attention. A multisignature wallet, commonly referred to as a “multisig,” manages Radiant.
The person who carried out the attack is said to have obtained possession of the private keys of a number of signers and subsequently taken control of a number of smart contracts. Similar to a school bully pilfering money from a school lunch, Radiant Capital has recently experienced the theft of its protocol.
According to Pop Punk, the pseudonymous co-founder of the token launch platform g8keep, who made the statement in an X post, “Multisig was compromised and ownership was transferred”. Rescind all of the approvals, for the time being, Pop Punk has incurred losses of tens of millions of dollars.
According to a report published by the cybersecurity company Hacken, the breaches of access control mechanisms were responsible for the theft of $316 million, which is equivalent to almost 70 percent of the total funds that were stolen in cryptocurrency hacks during the third quarter of 2024.
Despite the fact that multisignatures are the most common method for securing Web3 protocols, they can result in the creation of centralized failure points that are susceptible to attack.
Sreeram Kannan, the founder of the restaking protocol EigenLayer, stated that “many contracts today rely on multisigs, which is far from decentralized”. Kannan added that, “At the end of the day, users are not getting the trust that blockchain is supposed to provide.”It is imperative that we move beyond it.
