Radiant Capital Hit by $50M+ Exploit, Highlighting Multisig Security Concerns
Major cross-chain lending protocol Radiant Capital has shut its lending markets due to a critical security vulnerability that saw losses of over $50 million combined on the BNB Chain and Arbitrum. The incident, confirmed by cybersecurity experts, once again underlines concerns about the vulnerability of multi-signature wallet systems in blockchain protocols.
According to Web3 security firm De.Fi Antivirus, the attack utilized Radiant Capital's 'transferFrom' function to allow for an unauthorized withdrawal of various cryptocurrencies including USDC, WBNB, and ETH. Initial estimates from De.Fi peg the total losses at around $58 million, though cybersecurity firm Ancilia Inc. quotes a figure closer to $50 million.
Among the first to respond to the breach was Radiant Capital, which immediately announced the suspension of its markets on Base and Mainnet networks. The protocol has enlisted the services of various security firms including SEAL911, Hypernative, ZeroShadow, and Chainalysis to investigate the incident and put recovery measures in place.
The attack vector appears to have involved Radiant's multi-signature wallet system, where the attacker allegedly accessed several signers' private keys and then took over several smart contracts. Pop Punk, the pseudonymous co-founder of token launch platform g8keep, likened the attack to a "school bully stealing lunch money," emphasizing the severity of the security vulnerability.