Radiant Capital Loses $50M in Second Major Blockchain Hack

Radiant Capital, a prominent Binance-backed blockchain protocol known for its cross-chain lending services, became the target of a significant cyberattack on Wednesday.

Key Insights:

• Radiant Capital suffered a $50 million cyberattack, marking its second major hack of 2024, with hackers exploiting private keys to alter smart contracts on Arbitrum and Binance Smart Chain.

• The hacker converted the stolen assets into 12,835 ETH and 32,113 BNB, swiftly moving the funds across networks to evade detection.

• Radiant Capital has paused lending operations and engaged top cybersecurity firms, including Chainalysis, to investigate the breach and recover the stolen assets.

Hackers managed to steal over $50 million in various cryptocurrencies, marking the platform’s second major breach this year. The incident has raised serious concerns about security vulnerabilities in decentralized finance (DeFi), which continues to face increasing scrutiny due to frequent hacks.

Radiant Capital Loses $50M to Second Blockchain Exploit This Year
Attackers appear to have obtained three out of 11 private keys needed to upgrade the protocol. #Blockchain #crypto #cryptocurrency #BTC

— Crypto Catalyst (@Brielle1490177) October 17, 2024

According to Web3 security firm De.Fi – DeFi Investing & Yield Farming Platform Antivirus, the attackers managed to gain access to three out of the eleven private keys required for conducting protocol upgrades.

This allowed them to alter Radiant’s smart contracts on both the Arbitrum and Binance Smart Chain (BSC) networks, enabling the unauthorized transfer of funds.

The stolen assets included prominent cryptocurrencies like USDC, ETH, and BNB. The exploit used in the heist was identified as ‘transferFrom,’ which allowed the hackers to move tokens directly from user accounts into their own.

Radiant Capital Halts Lending After $50M Heist

Following the attack, Radiant Capital immediately suspended its lending operations on both the BNB Chain and Arbitrum networks. This precautionary measure was taken to prevent further unauthorized transfers and limit potential damage.

The team also paused markets on Base and Mainnet, announcing that all operations would remain frozen until the situation is fully under control.

Blockchain analytics firm Lookonchain reported that the hacker quickly converted the stolen assets into 12,835 ETH, valued at $33.6 million, and 32,113 BNB, worth $19.4 million.

The swift conversion of the funds highlights the efficiency with which cybercriminals operate in the DeFi space, often moving assets across various networks before detection.

Radiant Capital has since engaged cybersecurity experts, including SEAL911, Hypernative, ZeroShadow, and Chainalysis, to investigate the breach and recover the stolen funds. While the team assured users that updates would be forthcoming, there is still widespread concern among the platform’s community about the security of their assets.

Hacker Converts Stolen Crypto Into ETH and BNB

Lookonchain’s data shows that the hacker converted the stolen cryptocurrencies into 12,835 ETH, valued at $33.6 million, and 32,113 BNB, worth approximately $19.4 million.

This rapid conversion demonstrates how effectively hackers operate, moving assets across different blockchains to cover their tracks and evade law enforcement.

#bitcoin – https://t.co/j9DnjYJmgF | Radiant Capital Loses $50M to Second Blockchain Exploit This Year

— Kaneda (@Kaneda_200) October 17, 2024

Radiant Capital is working with top security firms and blockchain analytics experts like Chainalysis to track the stolen funds and find a solution.

However, DeFi projects face significant challenges in recovering funds after such hacks due to the decentralized nature of the platforms, which makes it difficult to freeze or reverse transactions.

Second Major Cyberattack on Radiant in 2024

This marks the second time Radiant Capital has suffered a cyberattack in 2024. Earlier in January, the protocol lost $4.5 million due to a separate exploit involving a smart contract flaw.

However, the nature of this recent breach differs significantly, with the hackers gaining control over three private key signers, allowing them to transfer ownership and modify contracts.

The Radiant attack comes amid a broader wave of cyber incidents targeting the crypto sector. In September 2024 alone, more than $120 million was stolen across multiple platforms, according to data from PeckShield.

The largest breaches impacted BingX, Penpie, and Indodax, which together accounted for over $90 million in losses. This alarming trend underscores the growing need for enhanced security measures in the DeFi space as it continues to expand.