In a significant cybersecurity incident, Radiant Capital, a decentralized finance (DeFi) platform that enables borrowing, lending, and exchanging cryptocurrencies across blockchain networks such as Arbitrum and Binance Smart Chain (BSC), faced an alarming cyberattack on October 16, 2023. This event marked the second major cyber breach for the platform within the current year, culminating in a loss exceeding $50 million. Cybersecurity specialists have determined that the hackers exploited specific vulnerabilities within the project’s contracts. By manipulating the transferFrom() function, they managed to siphon funds without authorization, impacting assets like USDC, WBNB, and ETH.
Reports from QuillAudits estimate the damage to be around $58 million. The severity of this breach lay not just in the monetary losses, but also in the manner in which the attackers managed to infiltrate the system. They seized control by obtaining three out of eleven private keys required for a multi-signature wallet, which is essential for making contract modifications on Radiant Capital’s platform. These keys were then leveraged to alter the LendingPoolAddressesProvider smart contract’s owner, consequently allowing the hackers to replace the legitimate lending pools’ smart contract with their own tainted version. This malicious version included a hidden backdoor, facilitating the unauthorized draining of user funds.
The Immediate Response and Mitigation Efforts
In the wake of the breach, Radiant Capital’s team acted swiftly to mitigate further losses and secure the platform. One of their urgent recommendations to users was to revoke access to specific contracts that might have been compromised, guiding them to use revoke.cash for this purpose. This step aimed to prevent any additional unauthorized transactions that could exacerbate the existing financial damage. The importance of this immediate action cannot be overstated, given the already substantial losses.
However, the chaos surrounding the incident was further intensified by a severe misstep involving Ancilia, a Web3 cybersecurity service provider engaged in the incident’s response efforts. Ancilia inadvertently compounded the situation by sharing a scam link from a fake Radiant account. This fraudulent link was infested with malware designed to siphon funds from legitimate crypto wallets to the attackers’ accounts. The inadvertent sharing of this malicious link potentially expanded the scope of the victim pool, putting even more user funds at risk.
Ancilia quickly rectified their mistake by removing the fraudulent link and issuing a public apology. Despite their prompt response, the damage had been done for those who might have interacted with the scam link before it was taken down. This emphasizes the critical necessity for heightened vigilance and meticulousness when communicating in the high-stakes world of DeFi, where even minor errors can have far-reaching consequences.
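The revocation advice above follows from how token approvals work: the token checks only the allowance recorded for the calling address, so an approval given to a contract keeps working for whatever code later sits behind that address. The sketch below is an added example, not Radiant Capital's or revoke.cash's code; it is a toy in-memory model of ERC-20 allowance semantics, and the addresses, balances and helper names are constructed for illustration.

```python
from dataclasses import dataclass, field

MAX_UINT256 = 2**256 - 1  # value wallets commonly set for an "unlimited" approval

@dataclass
class Token:
    """Toy ERC-20 ledger: balances plus (owner, spender) -> approved amount."""
    symbol: str
    balances: dict = field(default_factory=dict)
    allowances: dict = field(default_factory=dict)

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        # The token checks only the approval recorded for the caller's address;
        # it knows nothing about what code now runs at that address.
        allowed = self.allowances.get((owner, caller), 0)
        if allowed < amount or self.balances.get(owner, 0) < amount:
            return False
        self.allowances[(owner, caller)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True

def approvals_to_revoke(tokens, owner, flagged):
    """List (symbol, spender) for each non-zero approval the owner gave a flagged address."""
    return sorted((t.symbol, s) for t in tokens
                  for (o, s), amt in t.allowances.items()
                  if o == owner and s in flagged and amt > 0)

def revoke(tokens, owner, flagged):
    """Zero every flagged approval, which is what a revocation transaction does."""
    by_symbol = {t.symbol: t for t in tokens}
    done = approvals_to_revoke(tokens, owner, flagged)
    for symbol, spender in done:
        by_symbol[symbol].approve(owner, spender, 0)
    return done

def demo():
    # Constructed wallet state; "pool", "dex" and "user" are placeholder addresses.
    usdc = Token("USDC", {"user": 500}, {("user", "pool"): MAX_UINT256, ("user", "dex"): 100})
    wbnb = Token("WBNB", {"user": 3}, {("user", "pool"): 0})
    tokens = [usdc, wbnb]
    before = usdc.transfer_from("pool", "user", "elsewhere", 200)  # approval still live
    revoked = revoke(tokens, "user", {"pool"})
    after = usdc.transfer_from("pool", "user", "elsewhere", 200)   # now refused
    return before, revoked, after, usdc.balances["user"]

if __name__ == "__main__":
    print(demo())
```

Revocation protects only the balance that remains: in this model the first 200 units moved while the approval was still live, which is why the recommendation was urgent.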
Historical Context and Broader Implications
In a significant cybersecurity breach, Radiant Capital, a decentralized finance (DeFi) platform facilitating cryptocurrency borrowing, lending, and exchanging on networks like Arbitrum and Binance Smart Chain (BSC), was attacked on October 16, 2023. This was the platform’s second major cyber incident of the year, resulting in losses exceeding $50 million. Cybersecurity experts found that hackers exploited vulnerabilities in the platform’s contracts. By manipulating the transferFrom() function, they siphoned off assets such as USDC, WBNB, and ETH.
QuillAudits reported the total damage at around $58 million. The breach was not just costly but complex. Hackers took control by acquiring three out of eleven private keys needed for the multi-signature wallet used for contract modifications on Radiant Capital’s platform. They then altered the LendingPoolAddressesProvider smart contract’s owner, enabling them to swap the official lending pools’ smart contract with their malicious version. This tainted contract had a hidden backdoor, allowing them to drain user funds without authorization.
The dual impacts of significant financial loss and the methodical infiltration highlight the severity of this cybersecurity incident.