According to Cointelegraph: Radiant Capital, a leading cross-chain lending protocol, has paused its lending markets following a major cybersecurity breach that resulted in the loss of approximately $58 million. The exploit affected the protocol’s operations on BNB Chain and Arbitrum, where hackers manipulated the "transferFrom" function to drain assets including USDC, WBNB, and ETH, according to Web3 cybersecurity firm De.Fi.

Cybersecurity experts from Ancilia Inc. also confirmed the breach, estimating total losses around $50 million. In an official statement on the X platform, Radiant Capital acknowledged the security issue and confirmed they are working with industry leaders such as SEAL911, Hypernative, ZeroShadow, and Chainalysis to investigate the breach. As a precaution, Radiant has temporarily paused operations on Base and Mainnet.

Multisig Compromise Led to $58 Million Loss

The attackers allegedly gained control of multiple signers' private keys from Radiant's multisignature wallet, known as a multisig, which enabled them to take control of several smart contracts. This led to a significant theft of user funds. Pop Punk, co-founder of token launch platform g8keep, described the attack as similar to “a school bully stealing lunch money,” urging users to revoke all approvals immediately.
 

Losses across various attack types in 2024. Source: Hacken

Growing Trend of Crypto Exploits in 2024

This breach is part of a broader trend of increasing crypto protocol hacks in 2024. According to a report from cybersecurity company Hacken, access control mechanism exploits accounted for $316 million, or nearly 70%, of total funds stolen in Q3 2024. The report highlights the vulnerability of multisigs, which, while commonly used, introduce centralized failure points for attackers.

Importance of Decentralized Security

The breach at Radiant Capital has reignited discussions around the need for decentralized security solutions in Web3 protocols. Sreeram Kannan, founder of EigenLayer, emphasized that relying on multisigs compromises the trust that blockchain technology is supposed to provide. He called for the development of more decentralized and secure mechanisms to protect user funds.

Conclusion: User Action Required

As Radiant Capital continues its investigation, users are strongly urged to revoke token approvals and take necessary precautions to safeguard their funds. With losses across the crypto industry continuing to rise, securing blockchain protocols and reducing centralized points of failure has become more critical than ever.