- Radiant Capital has lost $50 million months after suffering a similar ordeal
- The funds were drained from the DeFi protocol’s instance on BNB Chain and Arbitrum
- Radiant Capital is working with blockchain security firms to recover the funds
DeFi platform Radiant Capital has lost approximately $50 million after malicious actors exploited the protocol’s asset transfer function. The exploit comes roughly 10 months after the platform lost more than $4 million due to a bug in its smart contracts. Radiant Capital has acknowledged the current situation and is working with reputable blockchain security and analytics firms like Chainalysis, a move that may help recover the funds.
Users Asked To Revoke Smart Contract Access
The exploit was first reported by Ancilia, a blockchain security firm, which recognized unusual activities on the DeFi platform’s smart contracts powered by BNB Chain. Similar suspicious activities were also reported on Radiant Capital’s instance on Arbitrum, an Ethereum layer 2.
#ancilia_alerts It seems like something happen with @RDNTCapital contract on BSC. We have noticed several transferFrom user’s account through the contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281. Please revoke your approval ASAP. It seems like the new implementation had…
— Ancilia, Inc. (@AnciliaInc) October 16, 2024
According to on-chain sleuths, the exploit affected the protocol’s USDT, ARB, and USDC pools on both BNB Chain and Arbitrum. To mitigate losses, the platform has halted its markets on other networks and asked users to revoke access to its smart contracts.
Please revoke access to the following contracts on https://t.co/JqPsJBBfNS.
0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1
0x30798cFe2CCa822321ceed7e6085e633aAbC492F
0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281
0xA950974f64aA33f27F6C5e017eEE93BF7588ED07 https://t.co/x4l7J8UVeT— Radiant Capital (@RDNTCapital) October 16, 2024
The hackers gained access to private keys belonging to three of the 11 signers controlling the protocol’s multisig wallet, enabling them to transfer the funds. Although Radiant Capital noted that it’s aware of the situation and has halted its smart contracts across chains, it hasn’t disclosed whether it has reached out to the attackers.
Ethereum and BNB Chain Are the Most Targeted Chains
The hack comes five months after bug bounty platform ImmuneFi revealed that hackers consider DeFi projects easy targets. According to ImmuneFi, malicious actors are focusing more on DeFi networks powered by Ethereum and BNB Chain.
Blockchain projects that have lost considerable amounts through exploits this year include the Munchables NFT game, Blast-game Super Sushi Samurai, and Abracadabra Finance.
With Radiant Capital working with blockchain firms like Chainalysis, it’s to be seen whether they’ll offer a bug bounty to the attackers or take legal action.
