Radiant Capital, a prominent decentralized finance (DeFi) platform, is actively working alongside US law enforcement and Web3 security specialists to recover over $50 million that was stolen in a recent cybersecurity breach.
Insight into the Security Breach
A comprehensive post-mortem report published on October 18 revealed that the hack was one of the most sophisticated attacks witnessed in the DeFi sector. Radiant Capital has raised alarms that similar vulnerabilities may endanger other decentralized platforms.
Details of the Attack
The assailants employed advanced malware to infiltrate the hardware wallets of at least three developers associated with Radiant. The breach allowed the malware to manipulate the Safe{Wallet} interface (formerly known as Gnosis Safe) to show authentic transaction data, while illicit transactions were signed and executed covertly.
Interestingly, the attack coincided with Radiant’s regular adjustment of emissions to adapt to market fluctuations. Despite rigorous security measures—including manual reviews and Tenderly simulations—no anomalies were detected during this period.
Stealthy Execution
The subtlety of the attack was particularly concerning. The hackers exploited typical transaction errors to acquire numerous signatures without being detected. Once they had the required approvals, they executed the “transferOwnership” function, effectively gaining control over Radiant’s lending pools.
Targeted Networks
This exploit affected both the Binance Smart Chain (BSC) and Arbitrum networks, where attackers manipulated the “transferFrom” function in smart contracts, draining funds from users who had previously granted permissions to Radiant’s lending pools.
Safe{Wallet}’s Standpoint
Safe{Wallet} firmly denied any claims that its interface was compromised during the attack. A spokesperson clarified to CryptoSlate that the issue stemmed from a blind signing error. According to Safe{Wallet}, its front-end functioned correctly throughout the incident, and valid transactions were created using the Transaction Builder.
Radiant Capital’s Strategic Response
In the wake of the breach, Radiant Capital has initiated a comprehensive security overhaul:
- All team members have generated new cold wallet addresses using secure devices.
- The security measures for Radiant’s Admin and DAO multisig wallets have been intensified, reducing the number of signers to seven. Now, a minimum of four out of seven signatures is required for transaction approvals.
- To further bolster security, all updates to contracts and ownership changes will now be subject to a mandatory delay of at least 72 hours, courtesy of timelock contracts. This provides developers and the Radiant community ample time to review proposed alterations.
- The team emphasized adopting more rigorous signature verification methods and implementing strict operational procedures to prevent future vulnerabilities.
Furthermore, Radiant Capital has outlined measures to assist other protocols in fortifying their defenses against similar threats. These include improved signature verification processes, employing separate devices to verify transaction data, and executing audits in response to error messages to detect weaknesses early.
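One way to carry out the separate-device check of transaction data described above, shown as an added example (not Radiant's or Safe{Wallet}'s code): it decodes the raw `data` field of a proposed transaction and lists every mismatch against what the signer intends to approve. The `review` helper, the `INTENT` structure, the `aabbccdd` placeholder selector and the sample addresses are assumptions constructed for illustration.

```python
# Added example: decode the raw `data` of a proposed multisig transaction on a
# second device. Selectors are the standard 4-byte ABI selectors shown.
KNOWN = {
    "f2fde38b": ("transferOwnership(address)", ["address"]),
    "23b872dd": ("transferFrom(address,address,uint256)", ["address", "address", "uint256"]),
    "095ea7b3": ("approve(address,uint256)", ["address", "uint256"]),
}
OWNERSHIP_CHANGING = {"f2fde38b"}

def decode_calldata(data_hex):
    """Return (selector, signature or None, decoded args) for raw calldata."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    if len(raw) < 4:
        raise ValueError("calldata shorter than a 4-byte selector")
    selector, body = raw[:4].hex(), raw[4:]
    if selector not in KNOWN:
        return selector, None, []
    signature, types = KNOWN[selector]
    if len(body) != 32 * len(types):
        raise ValueError("argument length does not match " + signature)
    args = []
    for i, kind in enumerate(types):
        word = body[32 * i:32 * (i + 1)]
        if kind == "address":
            if any(word[:12]):
                raise ValueError("non-zero padding in address argument")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return selector, signature, args

def review(to, data_hex, intent):
    """List the reasons not to sign; an empty list means data matches intent."""
    selector, signature, args = decode_calldata(data_hex)
    reasons = []
    if to.lower() != intent["to"].lower():
        reasons.append("target contract differs from intended target")
    if selector != intent["selector"]:
        reasons.append("function %s differs from intended %s"
                       % (signature or "0x" + selector, "0x" + intent["selector"]))
    if selector in OWNERSHIP_CHANGING:
        reasons.append("ownership change to %s: route through timelock review" % args[0])
    return reasons

# Constructed sample: the signer expects a routine call (placeholder selector),
# but the payload read on the second device is transferOwnership(address).
POOL = "0x" + "11" * 20  # constructed address
INTENT = {"to": POOL, "selector": "aabbccdd"}
SAMPLE = "0xf2fde38b" + "00" * 12 + "ab" * 20
```

An empty list from `review` means the payload matches the stated intent; any entry is a reason to stop and investigate before signing.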
**Editor’s Note** Updated to include statements from Safe{Wallet}.