- Radiant Capital lost $50 million due to a private key compromise.
- The platform has temporarily halted markets to resolve the ongoing security issue.
With the upcoming US elections approaching, the digital assets sector is undergoing tremendous changes, including alarming security issues. Recently, vulnerabilities were discovered in the Cosmos Hub’s systems, necessitating the recommendation of an extensive audit. In a more immediate issue, the decentralized finance (DeFi) network Radiant Capital was attacked in a blockchain attack, resulting in its second security breach in 2024.
According to Cyvers Alert, Radiant Capital faced a private key compromise that impacted its activities on the BNB Smart Chain (BSC) and ARB chains, leading to a loss of about $50 million in money. Cyvers, which is known for its on-chain investigation work, offered a thorough examination of the incident.
Radiant Capital, like many prominent cryptocurrency organizations, utilizes a multi-signature wallet to enhance security. This wallet setup requires three out of eleven signatures to authorize transactions. Unfortunately, an attacker gained access to the private keys of three wallet owners. With these keys, the attacker was able to sign transactions off-chain and transfer ownership of the affected chains.
Radiant Capital Attack Details
Following the initial breach, the attacker successfully transferred ownership of the LendingPoolAddressesProvider to a malicious contract. This strategy enabled the hacker to manipulate the lending pool systems and steal the aforementioned funds, including USDC, Wrapped BNB, and ETH tokens.
Radiant Capital faced significant issues earlier in January 2024 when it was hit by a major security breach. The attack occurred with the launch of its USDC market on the ARB chain. During the breach, a hacker managed to steal ETH tokens valued at $4.5 million. Following the breach, the procedure temporarily halted lending and borrowing activity to limit the impact.
According to Lookonchain, the current attacker turned the stolen tokens into 12,835 ETH and 32,113 BNB. Despite ongoing investigations, the hacker’s identity is unknown, with just wallet addresses exposed. In response to the recent incident, Radiant Capital stopped operating markets on its Base and Mainnet while it worked to resolve the situation.
Adding to the concerns about cryptocurrency security, the FBI reported in September that $5.6 billion in assets had been lost to crypto frauds in recent years. As the landscape evolves, the importance of strong security measures for digital asset players has never been stronger.