$50M Gone in Radiant Capital Hack – How Did It Happen Again?
Hackers gained access to three private keys that control the Radiant protocol, allowing them to manipulate smart contracts and withdraw user funds.
This was reported by DeFi Antivirus Web3 on their X account.
The attack took place on both the Binance Smart Chain and Arbitrum networks. The attackers exploited a vulnerability in the “transferFrom” function*, enabling them to transfer funds from users' accounts without their authorization.
*The transferFrom function is widely used in ERC-20 token smart contracts. It allows one account to transfer tokens from another account. What makes transferFrom unique is that the tokens don’t need to belong to the person initiating the transfer. Before completing the transaction, the function checks if the spender has been authorized by the token owner to transfer tokens on their behalf and whether the owner has sufficient tokens. If both conditions are met, the transaction proceeds.
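The two checks described in the footnote can be seen in a small Python model of ERC-20 allowance accounting. This is an added example, not code from Radiant Capital or from any real token contract. The account names, amounts, and the `exposure` helper are constructed for illustration.

```python
# Simplified model of ERC-20 allowance accounting (illustrative, not a real token contract).
MAX_UINT256 = 2**256 - 1  # value commonly used for an "unlimited" approval


class Token:
    def __init__(self, balances):
        self.balances = dict(balances)   # owner -> token balance
        self.allowances = {}             # (owner, spender) -> approved amount

    def approve(self, owner, spender, amount):
        # In a real token the owner is msg.sender, so only the owner can set this.
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, spender, owner, recipient, amount):
        allowed = self.allowances.get((owner, spender), 0)
        # Check 1: the owner authorized this spender for at least this amount.
        if amount > allowed:
            raise PermissionError("insufficient allowance")
        # Check 2: the owner holds enough tokens.
        if amount > self.balances.get(owner, 0):
            raise ValueError("insufficient balance")
        # Many implementations leave an unlimited allowance untouched.
        if allowed != MAX_UINT256:
            self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount

    def exposure(self, owner):
        """Hypothetical audit helper: tokens each approved spender can still move."""
        bal = self.balances.get(owner, 0)
        return {s: min(a, bal) for (o, s), a in self.allowances.items()
                if o == owner and a > 0}


def demo():
    # Constructed sample state: all names and amounts are made up.
    t = Token({"alice": 1000})
    t.approve("alice", "lending_pool", MAX_UINT256)
    t.approve("alice", "dex_router", 50)
    t.transfer_from("dex_router", "alice", "bob", 30)
    try:
        t.transfer_from("mallory", "alice", "mallory", 1)  # never approved
        rejected = False
    except PermissionError:
        rejected = True
    return t, rejected
```

The `exposure` result shows why standing approvals matter to users: an unlimited approval leaves the owner's whole balance movable by that spender for as long as the approval stays in place.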
DeFi Protocols Remain a Tempting Target for Hackers
Radiant Capital, like many other decentralized finance (DeFi) protocols, relies on a multisignature system to safeguard its assets. However, hackers managed to bypass this system by obtaining access to enough private keys to carry out the exploit.
An investigation is currently underway to determine how the attackers gained control of the private keys. One theory suggests a possible compromise of the platform’s front-end, allowing hackers to substitute legitimate management tools.
Radiant Capital has already suspended its markets and is collaborating with several cybersecurity firms to investigate the incident and attempt to recover the stolen funds.
This attack on Radiant Capital underscores the ongoing risks of using DeFi protocols. Despite their decentralized nature, these platforms remain vulnerable to hacking. Many of the attacks are tied to breaches in smart contracts, making it critical for developers to prioritize code security. A thorough audit of smart contracts is essential before launching any decentralized finance project.
It seems that the January 2024 hack, when Radiant Capital lost nearly 1,900 ETH, did not serve as a sufficient lesson for the platform.