Radiant Capital halted its lending markets after the cross-chain lending protocol suffered a more than $50 million cybersecurity breach on BNB Chain and Arbitrum, according to Radiant and two cybersecurity experts.
“Radiant Capital contracts were exploited on BSC & ARB chains with the ‘transferFrom’ function, which allowed to drain users’ funds, namely $USDC $WBNB $ETH and others,” Web3 cybersecurity firm De.Fi Antivirus said in an Oct. 16 post on the X platform.
De.Fi said the exploit drained approximately $58 million, mirroring estimates from another cybersecurity firm, Ancilia Inc., which pegged losses at around $50 million, according to another X post.
“We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum,” Radiant said in an X post.
“We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon as possible. Markets on Base and Mainnet are paused until further notice,” Radiant said.
Related: Hackers got away with $440M in 28 exploits in Q3: Report
Radiant is controlled by a multisignature wallet, or “multisig.” The attacker purportedly gained control of several signers’ private keys and then seized control of several smart contracts.
“Radiant Capital just had their protocol stolen from them like a school bully steals lunch money. Multisig was compromised and ownership was transferred,” Pop Punk, the pseudonymous co-founder of token launch platform g8keep, said in an X post.
“Revoke all approvals. Tens of millions of dollars in losses so far,” Pop Punk added.
Exploits of access control mechanisms accounted for $316 million, or almost 70% of the total funds stolen in crypto hacks in the third quarter of 2024, according to a report by cybersecurity company Hacken.
Multisigs are the dominant means of securing Web3 protocols but they can create centralized fail-points vulnerable to attackers.
“Many contracts today rely on multisigs, which is far from decentralized,” Sreeram Kannan, founder of restaking protocol EigenLayer, told Cointelegraph in an interview.
“At the end of the day, users aren’t getting the trust that blockchain is supposed to provide,” Kannan added.
“We need to move beyond that.”
Magazine: 10 crypto theories that missed as badly as ‘Peter Todd is Satoshi’