Radiant Capital Suffers $48 Million Exploit
Radiant Capital, a multichain money market, has fallen victim to a significant security breach, resulting in an estimated loss of $48 million. Early investigations by the security firm Hacken indicate that this incident may stem from a failure in access controls.
Impact on RDNT Token
Following the revelation of the exploit, Radiant Capital’s native token, RDNT, experienced a 7% drop, trading at approximately $0.067, marking a continued decrease of over 5% within the past day.
Details of the Exploit
The breach seemingly involved the compromise of Radiant’s MultiSig wallet, which is designed to enhance security by requiring multiple approvals for transactions. Hackers gained control over the Pool Provider contract and subsequently redirected assets to a malicious contract.
This manipulation enabled the attacker to withdraw significant amounts of assets from the liquidity pools on the Binance Smart Chain (BSC) and Arbitrum networks, leading to major token drains, including Wrapped Ether (WETH), Wrapped Bitcoin (WBTC), and USD Coin (USDC).
Recommendations for Users
Hacken has urged users to revoke any previously granted approvals for Radiant Capital to safeguard their funds from further unauthorized transactions. They reported that the malicious contract had been deployed two weeks prior, indicating premeditated intent for the theft. It’s noteworthy that this was not the attacker’s first attempt; a prior execution on October 10 failed.
Tony Ke, a security engineering lead at FuzzLand, has also suggested revoking approvals on Ethereum and Base as a precaution, despite it not being confirmed that Radiant’s security was compromised on those chains.
Financial Loss and Market Position
Alarmingly, the stolen amount eclipses half of Radiant Capital’s total value locked (TVL), which stood at $75.5 million according to DefiLlama data.
Concerns Over Security Practices
Mudit Gupta, the CISO at Polygon Labs, described the event as a “key management failure.” Although Radiant employed a multi-signature wallet with 11 signers, it required only 3 approvals for contract alterations, raising concerns about insufficient security protocols.
Another user on X highlighted the inadequacy of this low threshold, which represents less than 30% of the total authorization needed.
A History of Exploits
This incident marks the second exploit faced by Radiant Capital in 2024, with an earlier flash loan attack draining $4.5 million back in January. Following that event, Radiant experienced a 37% decline in its TVL just weeks later, although it managed to recover a portion of its assets by March. Despite this recovery, the platform has seen a 75% decrease in TVL year-to-date, keeping the vulnerability of its infrastructure at the forefront of discussions in the DeFi community.
Mentioned in this article
This rewritten content maintains the core information while optimizing for readability and search engine indexing through appropriate use of headings and structured formatting.