DeFi Protocol Radiant Capital Suffers $50 Million Loss in Major Cyberattack

On October 16, 2024, the decentralized finance protocol Radiant Capital fell victim to a major cyberattack, resulting in the theft of over $50 million. In response to the incident, the platform suspended its lending markets and urged users to revoke access to compromised smart contracts.

Reports of Radiant’s security breach emerged late Wednesday evening. DeFi security experts revealed that the platform’s smart contracts, operating on Arbitrum and BSC, had been modified to siphon off users’ funds.

To execute the attack, the perpetrator needed access to at least three of the 11 multi-signature keys used to manage Radiant’s contracts. The identities of the keyholders remain confidential for security reasons.

The attack commenced with a transaction on BSC, which involved the withdrawal of $303,000 in USDC, $451,000 in BUSDT, 160 BTCB, 220.6 wBETH, 8,469 wBNB, and 470.4 ETH. These assets were drained from Radiant’s pools.

While the platform operates with contracts on Ethereum, Base, Arbitrum, and BSC, only the contracts on Arbitrum and BSC were affected by the breach.

Notably, this is the second time Radiant Capital has been breached within the year. In January, hackers exploited a vulnerability in its smart contracts and stole crypto assets worth $4.5 million. At that time, the attackers manipulated collateral loans and liquidated assets before security updates were implemented.

In light of the recent attack, Radiant Capital’s management has urged users to immediately revoke permissions on the compromised contracts. The platform’s team issued a formal warning via social media channels.