On October 16, 2024, Radiant Capital experienced a highly sophisticated security breach that resulted in the loss of $50 million USD. The attackers exploited multiple developers' hardware wallets through a highly advanced malware injection.

The devices were compromised in such a way that the front-end of @safe{Wallet} (f.k.a. Gnosis Safe) displayed legitimate transaction data while poisoned transactions were signed and executed in the background. This breach occurred during a routine multi-signature emissions adjustment process, which takes place periodically to adapt to market conditions and utilization rates.

The DAO contributors strictly adhered to many industry standard operating procedures throughout the process. Each transaction was simulated for accuracy on Tenderly and individually reviewed by multiple developers at each signature stage. Front-end checks in both Tenderly and Safe showed no anomalies during these reviews.

To underscore the significance of this point, the compromise was completely undetectable during the manual review of the Gnosis Safe UI and Tenderly simulation stages of the routine transaction. This has been confirmed by external security teams, including @_SEAL_Org and @HypernativeLabs.

Radiant Capital has been working very closely with Seal911 and Hypernative and has since implemented stronger multisig controls. The U.S. law enforcement and @zeroshadow_io are fully informed of the breach and are actively working to freeze all stolen assets. The DAO is deeply devastated by this attack and will continue to work tirelessly with the respective agencies to identify the exploiter and recover the stolen funds as quickly as possible.

For the full post-mortem, see: