According to Cointelegraph, Radiant Capital has resumed its Ethereum lending markets following a hack that resulted in an estimated $58 million loss in digital assets. On November 1, the lending protocol announced the implementation of several improvements to its framework, including transferring ownership into a timelock contract. This new measure enforces a mandatory 72-hour waiting period for any adjustments, which the Radiant Capital team claims will enhance the protocol's security.
Additionally, the team has introduced an emergency admin role using a multisignature structure, tasked with pausing and unpausing the lending protocol’s markets as necessary. The decentralized autonomous organization (DAO) has also increased its multisignature security by reducing the number of required signers to seven, with a four out of seven signing threshold. Multisignature wallets are known to enhance security by requiring multiple signatures to execute or process crypto transactions, thereby eliminating the risk of a single point of failure associated with having only one private key.
These security enhancements come in the wake of an exploit that led to over $50 million in digital asset losses. On October 16, Radiant Capital halted its lending markets after a cybersecurity breach on BNB Chain and Arbitrum. The attacker gained control of several signers’ private keys and smart contracts, allowing them to drain over $50 million in assets from the protocol. On October 18, Radiant Capital confirmed in a post-mortem that the attackers compromised the devices of at least three of its core developers by injecting malware. The compromised devices displayed legitimate transaction data on the front-end of their wallets while malicious transactions were signed and executed in the background.
Security professional Patrick Collins described the incident as a “$50 million lesson” for the decentralized finance (DeFi) space, emphasizing the need for better educational tools and verification processes for transactions using hardware wallets. Meanwhile, the Radiant Capital hacker has already moved about $52 million of the stolen funds. On October 24, blockchain security firm PeckShield reported that the exploiter had moved nearly all of the stolen funds.
Phishing incidents in the crypto space have led to significant losses in digital assets. For instance, on August 21, a crypto phishing attack drained $55 million in stablecoins after a whale mistakenly signed a transaction that transferred ownership of funds to attackers. Due to such incidents, hardware wallet company Ledger advocates for promoting clear signing in the crypto space. Ledger CEO Pascal Gauthier previously told Cointelegraph that the industry should move away from blind signing and has partnered with several entities to educate the community on clear signing initiatives.
