On October 16, Radiant Capital’s lending protocol suffered the second cyberattack this year, resulting in the loss of more than $50 million. According to data De.Fi Antivirus Web3, the project’s contracts were exploited
Malicious code that exploits software security vulnerabilities to spread cyber threats. on the Binance Smart Chain (BSC) and Arbitrum (ARB) chains with the transferFrom() function, which allowed users’ funds to be drained, namely: USDC, WBNB, ETH, etc.
How reported analysts at QuillAudits, the losses from the hack amounted to $58 million. The attackers managed to gain control of the platform’s contracts by obtaining three of the 11 private keys for a multi-signature wallet (when all owners’ signatures are required to make a decision). And then they used this data to change the owner of the LendingPoolAddressesProvider smart contract. Next, the hackers replaced the smart contract of the lending pools with their own, with a backdoorAn algorithmic defect that is deliberately built into it by the developer and allows unauthorized access., which allowed them to access users’ funds using the transferFrom() functionThe transferFrom() function transfers tokens from the owner's account to the recipient's account, but only if the initiator of the transaction has a sufficient supply that has been previously approved by the owner to the initiator of the transaction..
The Radiant Capital team has asked to revoke access to the following contracts on the site revoke.cash:
- 0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1
- 0x30798cFe2CCa822321ceed7e6085e633aAbC492F
- 0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281
- 0xA950974f64aA33f27F6C5e017eEE93BF7588ED07
In this situation, some victims could have lost money twice. The fact is that Web3 cybersecurity service provider Ancilia, which is also involved in this incident, mistakenly shared a scam link from a fake Radiant account in its publication. The link contained a cryptojack, a type of malware that can be used to quickly and automatically withdraw funds from legitimate crypto wallets to attackers’ wallets.
In their message, Ancilia asked users to revoke their permissions by following the link from their publication. The latter led to a drainer.
«We accidentally reposted a fraudulent link, we apologize. The post has been removed», — modestly reported cybersecurity specialists.
The first hack of Radiant Capital 2024 took place in January. Back then, $4.5 million was lost due to a vulnerability in smart contracts.
Radiant Capital (RDNT) — is a decentralized finance (DeFi) platform for borrowing, lending, and exchanging cryptocurrencies from different blockchain networks. It operates on two popular networks — Arbitrum and BNB Smart Chain, and uses advanced technologies to exchange data between blockchains faster and more securely.
Spelling error report
The following text will be sent to our editors: