Radiant Capital Faces $50M Exploit: Second Major Attack on BNB Chain and Arbitrum

The Incident Unfolds

The attack was initially reported by blockchain security firm Ancilia Inc., which detected suspicious activity involving Radiant Capital’s smart contracts on the BNB Chain. Early reports indicated that approximately $16 million had been drained from the platform on BNB. Shortly thereafter, assets were also siphoned from Radiant’s liquidity pools on Arbitrum. Another security firm, Hacken, later confirmed that the total stolen assets, including USDT, USDC, and ARB, amounted to nearly $50 million.

In response to the incident, Radiant Capital acknowledged the issue on X (formerly Twitter), stating, “We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum.” The team assured users that they were collaborating with blockchain security experts from SEAL911, Hypernative, ZeroShadow, and Chainalysis to investigate the breach.

How the Attack Happened

According to Web3 security firm De.Fi, attackers exploited Radiant’s smart contracts using the ‘transferFrom’ function, allowing them to drain user funds. Radiant employs a multi-signature (multisig) wallet system, which requires 11 signers to authorize any protocol upgrades. The attackers somehow gained access to three of these private keys, providing them with enough control to modify the smart contracts and execute the attack.

While the precise method of private key compromise remains unclear, some experts suggest it may have resulted from a front-end attack. This type of exploit can deceive legitimate key holders into interacting with a malicious interface, inadvertently granting the attacker access to the protocol.

In light of the breach, Radiant responded by pausing its markets on Ethereum and the layer-2 network Base while urging users to revoke their smart contract permissions as a precautionary measure. The platform directed users to the Revoke.Cash service to assess their risk levels.
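The revocation advice above rests on how ERC-20 allowances work: a contract can move a user's tokens with `transferFrom` only up to an allowance that user granted earlier with `approve`. The following Python code is an added example, not code from Radiant, De.Fi or Revoke.Cash; it replays `Approval` event logs to list the allowances one address still has open to a watched spender. All addresses and log entries are constructed placeholders, and the log fields are assumed to be `eth_getLogs`-style records with `blockNumber` and `logIndex` already decoded to integers.

```python
# ERC-20 event: Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, owner, watched_spenders):
    """Replay Approval logs in chain order; return {(token, spender): amount} still open."""
    owner = owner.lower()
    watched = {s.lower() for s in watched_spenders}
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but 4 topics (indexed tokenId): skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        spender = topic_to_address(topics[2])
        if topic_to_address(topics[1]) != owner or spender not in watched:
            continue
        key = (log["address"].lower(), spender)
        amount = int(log["data"], 16)
        if amount == 0:
            state.pop(key, None)      # approve(spender, 0) revokes
        else:
            state[key] = amount       # a later approve overwrites the earlier one
    # Spending via transferFrom lowers an allowance without an Approval log on many
    # tokens, so this can overstate; confirm with allowance(owner, spender) on chain.
    return state

# --- constructed sample data (placeholder addresses, not real contracts) ---
def pad_topic(addr): return "0x" + "0" * 24 + addr[2:]
def make_log(token, owner, spender, value, block, idx=0):
    return {"address": token, "blockNumber": block, "logIndex": idx, "data": "0x" + format(value, "064x"),
            "topics": [APPROVAL_TOPIC, pad_topic(owner), pad_topic(spender)]}
USER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
POOL, DEX = "0x" + "aa" * 20, "0x" + "bb" * 20     # POOL = hypothetical paused market
TOKEN_A, TOKEN_B = "0x" + "c1" * 20, "0x" + "c2" * 20
SAMPLE_LOGS = [
    make_log(TOKEN_B, USER, POOL, 0, 105),          # later revocation of TOKEN_B
    make_log(TOKEN_A, USER, POOL, UNLIMITED, 100),  # unlimited approval, never revoked
    make_log(TOKEN_B, USER, POOL, 500, 101),
    make_log(TOKEN_A, OTHER, POOL, 900, 102),       # different owner
    make_log(TOKEN_A, USER, DEX, 700, 103),         # spender not on the watch list
]
if __name__ == "__main__":
    print(open_allowances(SAMPLE_LOGS, USER, [POOL]))
```

On the sample data only the unlimited `TOKEN_A` approval to `POOL` remains open, which is the kind of entry a user would revoke first.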

Not the First Incident

This latest exploit is not an isolated incident for Radiant Capital. Earlier in January, the protocol was targeted in a flash loan-based attack on Arbitrum, resulting in a loss of $4.5 million due to a bug in its smart contracts. These recurring breaches underscore the vulnerabilities inherent in DeFi systems, where even protocols designed for capital efficiency and security are frequently targeted by sophisticated hackers.

The Broader Impact

Radiant Capital operates as a decentralized autonomous organization (DAO) and aims to unify fragmented liquidity across various Web3 money markets into a seamless, omnichain platform. However, repeated security incidents could erode confidence in Radiant and similar DeFi projects. The need for stronger security frameworks is becoming increasingly evident as hackers continue to exploit weaknesses in decentralized systems.

This breach, resulting in substantial financial loss, serves as a stark reminder of the risks associated with engaging in DeFi platforms. Although Radiant and its team are taking steps to address the situation, the full extent of the damage—both financial and reputational—remains to be seen.

Conclusion

The $50 million exploit on Radiant Capital has shaken the DeFi community once more, raising serious questions about the security of blockchain protocols and the protection of user funds. With two major hacks occurring within a year, Radiant faces an uphill battle to regain trust among its users. This incident highlights the critical need for ongoing vigilance and improved security measures in the rapidly evolving world of decentralized finance.

As this story continues to develop, Radiant Capital has yet to provide a detailed explanation regarding how attackers gained access to the private keys. Until the investigation concludes, users are advised to remain alert and take necessary precautions to protect their assets.