Radiant Capital stops lending after $51 million exploit

Radiant Capital transferFrom exploit leads to loss of over $50 million

2024-10-17 by Ndaman Olayinka

Cross-chain lending protocol Radiant Capital has experienced an exploit, according to onchain evidence and Web3 security firm Ancilia.

According to Arkham Intelligence data, the attack started on Radiant's Ethereum Layer 2 Arbitrum instance on Wednesday afternoon before spreading to Chain.

Radiant Capital suffers exploits on BNB Chain and Arbitrum 

In a post on the X platform on October 16, Web3 cybersecurity company De.Fi Antivirus stated that "Radiant Capital contracts were hacked on ARB and BSC chains with the 'transferFrom' function, which allowed to drain users' funds, namely $ETH, $USDC, $WBNB, and others." 

From a wallet controlled by Radiant, the hacker transferred wrapped tokens, such as BNB, ETH, USDC, and USDT, to a single address beginning with 0x0629b. The attacker's address holds over $32 million worth of Arbitrum-based assets and about $18 million worth of BNB Chain tokens. WeETH and wstETH, two ETH derivatives, are its largest holdings.

In another X post, De.Fi claimed that the exploit cost about $58 million, which is consistent with the estimate from Ancilia Inc., another cybersecurity company, which put losses at about $50 million.

Ancilia posted on X that a number of transfers from user accounts had been observed via contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281 and, writing to Radiant Capital, asked that approval be withdrawn as soon as possible, as the new implementation appeared to contain vulnerable functions. Ancilia claims that at around 17:09 UTC on Wednesday, a backdoor contract was put into place, allowing the unidentified attacker to obtain unauthorized access and start sending tokens.

What is a transferFrom exploit? 

A transferFrom exploit allows one account to send a predetermined quantity of tokens from a target account to a third account by using the transferFrom function of a smart contract. In most cases, the address doing the sending must first have been authorized by the victim's account. As a precaution, Ancilia is advising Radiant users to cancel their approvals for all Radiant contract addresses.
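To make the authorization mechanism above concrete, here is an added example (not from the original article and not Radiant's code) that models ERC-20 allowance bookkeeping and shows which accounts a given spender could pull from, and how setting the approval to zero removes that exposure. The account names and the `lending_pool` spender are hypothetical, and the unlimited-approval behaviour follows what OpenZeppelin's ERC20 does.

```python
# Constructed model of ERC-20 allowance semantics (illustration only).
MAX_UINT256 = 2**256 - 1  # the "unlimited" approval many dApps request


class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}  # (owner, spender) -> remaining allowance

    def approve(self, owner, spender, amount):
        """Owner authorises spender to pull up to `amount`; 0 revokes."""
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        """Caller moves owner's tokens; allowed only within the allowance."""
        allowed = self.allowances.get((owner, caller), 0)
        if amount > allowed:
            raise PermissionError("insufficient allowance")
        if amount > self.balances.get(owner, 0):
            raise ValueError("insufficient balance")
        if allowed != MAX_UINT256:  # unlimited approvals are left undecremented
            self.allowances[(owner, caller)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def exposure(token, spender):
    """Per owner, what `spender` could pull right now: min(balance, allowance)."""
    out = {}
    for (owner, sp), allowed in token.allowances.items():
        at_risk = min(allowed, token.balances.get(owner, 0))
        if sp == spender and at_risk > 0:
            out[owner] = at_risk
    return out


def demo():
    pool = "lending_pool"  # hypothetical spender contract that users approved
    token = Token({"alice": 1_000, "bob": 500, "carol": 300})
    token.approve("alice", pool, MAX_UINT256)  # unlimited approval
    token.approve("bob", pool, 200)            # bounded approval
    before = exposure(token, pool)             # carol never approved: not listed
    token.approve("alice", pool, 0)            # alice revokes
    after = exposure(token, pool)
    try:
        token.transfer_from(pool, "alice", "elsewhere", 1)
        blocked = False
    except PermissionError:
        blocked = True
    return before, after, blocked
```

An unlimited approval exposes the owner's whole balance for as long as it stands, while a bounded one caps the exposure at the approved amount.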

Radiant Capital stops lending 

The cross-chain lending protocol experienced a more than $50 million cybersecurity breach on BNB Chain and Arbitrum, prompting Radiant Capital to suspend its lending markets. 

In an X post, Radiant said it is aware of an issue with its lending markets on the Arbitrum and Binance chains, that it is collaborating with Chainalysis, ZeroShadow, Hypernative, and SEAL911, and that it will give an update as soon as it can. In addition, Radiant said that the Base and Mainnet markets would be paused until further notice.

A multisignature wallet, or "multisig," is in control of Radiant. The attacker allegedly obtained the private keys of multiple signers before seizing control of multiple smart contracts.

Just like a school bully stealing lunch money, Radiant Capital's protocol was just stolen. In an X post, Pop Punk, the pseudonymous co-founder of the token launch platform g8keep, claimed that ownership had been transferred and that the multisig had been compromised.

Crypto security firm Ancilia shares drainer link 

In an effort to help victims of the $52 million Radiant exploit, the cryptocurrency security company Ancilia mistakenly shared a link to a cryptocurrency wallet drainer. 

The pseudonymous crypto commentator Spreek shared a screenshot of Ancilia's since-deleted post, which reposted what they said was a scam link from a fraudulent X account. 

After the lending protocol was breached on October 16, users of Radiant Capital were rushing to cancel permissions in order to protect their funds. Ancilia directed users attempting to remove their permissions on the compromised protocol to follow the link in what it called an official message. A wallet drainer would have drained the funds of any user who clicked on the link and gave permissions.

Radiant Capital flash loan attack leads to 1900 ETH loss 

Radiant Capital suffered a flash loan attack earlier this year that cost them about 1900 ETH. According to PeckShield, the hacker took advantage of a window of opportunity that was only six seconds after the lending system's new USDC market was activated.

A rounding issue in the codebase was exploited, resulting in cumulative precision errors. This vulnerability allowed the hackers to profit from recurring deposit and withdrawal operations. 

Disclaimer

This information should not be considered financial advice by any means. Please do your own research before making any investment decisions. The views in the articles are personal opinions only. Whale Insider is not responsible for any financial losses incurred.