A major cyberattack earlier in the week targeting Radiant Capital resulted in the loss of over $50 million in various digital assets.
The attackers exploited vulnerabilities in the platform’s blockchain contracts on both the Binance Smart Chain and Arbitrum networks.
Red alert
Radiant Capital suffered a serious security breach that allowed unknown hackers to exploit weaknesses in its blockchain systems.
Per the report of the web3 security firm Ancilia, the attackers took advantage of the “transferFrom” function in Radiant’s smart contracts.
This flaw enabled unauthorized transactions, allowing the thieves to drain funds from the platform’s liquidity pools.
The firm mentioned that these issues might have been avoided if Radiant had implemented stronger protective measures and conducted more frequent audits of its contract changes.
In a concerning twist, it was also discovered that three out of the eleven private keys used to secure Radiant’s protocol had been tampered with too.
Experts believe the attackers may have obtained the keys through phishing tactics or by compromising Radiant’s user interface.
Radiant suspends operations
In response to the attack, Radiant Capital temporarily halted all lending operations on the Binance and Arbitrum platforms.
The company then joined forces with blockchain security firms SEAL911 and Hypernative to investigate the breach and strengthen its defenses against future incidents, while urged its users to remove suspicious approvals from their profiles and suspended new transactions until the situation is under control.
DeFi users are understandably concerned about this breach, especially as it comes on the heels of other high-profile hacks in the past months.
This attack raises inconvenient questions again about the overall security of the DeFi sector and whether current protocols are doing enough to protect users’ assets.
Security experts argue that while Radiant used multi-signature wallets, these tools require constant monitoring to prevent unauthorized access.
Crypto wild west
The incident at Radiant Capital adds to a growing list of cyberattacks targeting the crypto industry.
Also, there has been increased regulatory attention on crypto security in the past years, especially in light of major hacks like the 2016 Bitfinex incident, in which $6 billion was stolen.
In connection with that attack, Ilya Lichtenstein is facing a five-year prison sentence after pleading guilty to charges of money laundering.
His wife, Heather Morgan, has also admitted her role and is facing 18 months in prison.
