Radiant Capital has provided an in-depth analysis of the exploit that occurred on October 16, resulting in the theft of over $50 million in user assets.
The post-mortem reveals that the cybercriminal employed sophisticated malware to manipulate transactions, allowing them to hijack funds during a standard multi-signature approval process.
Attack Methodology Capitalized on Common Mistakes
The incident began when the hacker compromised hardware wallets belonging to three developers of the protocol, infecting their machines with malware that presented what looked like legitimate transaction requests. As the developers signed what they believed were routine emissions adjustments, the malware executed unauthorized transactions behind the scenes.
Radiant Capital emphasized that its contributors adhered strictly to standard operating protocols throughout this critical process. They vetted each transaction for accuracy using the Web3 infrastructure platform Tenderly, in addition to reviewing each signature step by step.
Even with these extensive verification measures in place, the front-end checks surfaced no obvious irregularities while the malware was manipulating the protocol's transactions.
Particularly notable in the company's assessment was the attacker's exploitation of routine transaction failures to carry out the hack. They used wallet resubmissions, which commonly result from gas price fluctuations or network congestion, as cover to acquire private keys while keeping their actions concealed.
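The lesson of the passage above is that a UI under the control of malware cannot be trusted to show what is really being signed. The following added example (not code from Radiant Capital or from the article) shows a defender-side pre-signing check that decodes the raw multisig payload independently of any front end and compares it with the signer's stated intent; the contract and signer addresses and the `setEmissions(uint256)` selector are constructed placeholders, while the other selectors are the standard public 4-byte values.

```python
# Added example: independent pre-signing check for a multisig transaction payload.
# It decodes the raw calldata that would actually be signed, rather than trusting the
# transaction as rendered by a (possibly compromised) front end.

# 4-byte selectors (first four bytes of keccak256 of the function signature).
# transferOwnership/approve/upgradeTo are the well-known public values;
# setEmissions is a hypothetical placeholder for the protocol's emissions call.
SELECTORS = {
    "transferOwnership(address)": bytes.fromhex("f2fde38b"),
    "approve(address,uint256)": bytes.fromhex("095ea7b3"),
    "upgradeTo(address)": bytes.fromhex("3659cfe6"),
    "setEmissions(uint256)": bytes.fromhex("deadbeef"),  # placeholder, not a real selector
}
NAMES = {sel: sig for sig, sel in SELECTORS.items()}
PRIVILEGED = {"transferOwnership(address)", "upgradeTo(address)"}
OPERATION_CALL = 0  # Safe-style operation field: 0 = CALL, 1 = DELEGATECALL

def decode_address_arg(data: bytes, index: int) -> str:
    """ABI word `index` after the selector, decoded as a right-aligned 20-byte address."""
    word = data[4 + 32 * index: 4 + 32 * (index + 1)]
    if len(word) != 32 or any(word[:12]):
        raise ValueError("argument is not a well-formed address word")
    return "0x" + word[12:].hex()

def check_before_signing(tx: dict, intent: dict) -> list:
    """Return findings that contradict the signer's intent; an empty list means it matches."""
    findings = []
    if tx["operation"] != OPERATION_CALL:
        findings.append("operation is DELEGATECALL, not a plain CALL")
    if tx["to"].lower() != intent["to"].lower():
        findings.append(f"target {tx['to']} differs from intended {intent['to']}")
    if tx["value"] != 0:
        findings.append(f"transaction sends {tx['value']} wei of native value")
    selector = tx["data"][:4]
    name = NAMES.get(selector, f"unknown selector 0x{selector.hex()}")
    if name != intent["function"]:
        findings.append(f"calldata calls {name}, not {intent['function']}")
    if name in PRIVILEGED:
        findings.append(f"privileged call hands control to {decode_address_arg(tx['data'], 0)}")
    return findings

# Constructed sample: what the signer meant to approve versus a substituted payload.
POOL = "0x" + "11" * 20       # placeholder contract address
OTHER = "0x" + "22" * 20      # placeholder address that would receive ownership
INTENT = {"to": POOL, "function": "setEmissions(uint256)"}
LEGIT = {"to": POOL, "value": 0, "operation": 0,
         "data": SELECTORS["setEmissions(uint256)"] + (1000).to_bytes(32, "big")}
SPOOFED = {"to": POOL, "value": 0, "operation": 0,
           "data": SELECTORS["transferOwnership(address)"] + bytes(12) + bytes.fromhex(OTHER[2:])}
```

Run against `LEGIT` the check returns no findings; against `SPOOFED` it reports both the unexpected function and the address that would gain control, even though the target contract, value and operation all look identical to the intended transaction.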
Subsequently, the perpetrator gained control of various smart contracts and proceeded to drain millions of dollars worth of cryptocurrencies, including USDC, wrapped BNB (wBNB), and Ethereum (ETH).
The total amount taken ranges from $50 million to $58 million, depending on the reporting source. However, the decentralized finance (DeFi) platform has cited the lower figure in its account of the event.
FBI Engaged to Aid in Recovery of Stolen Assets
In the report, the cross-chain lender stated it is collaborating closely with U.S. law enforcement agencies, including the FBI, as well as cybersecurity firms SEAL911 and ZeroShadow to trace the stolen cryptocurrencies.
Additionally, as a precautionary measure, it has advised users to revoke approvals across all chains, including Arbitrum, BSC, and Base. This advice comes in response to the exploiter taking advantage of open approvals to drain user accounts.
Radiant Capital has also implemented new cold wallets and adjusted signing thresholds to bolster the platform’s security. Furthermore, it has established a mandatory 72-hour waiting period for all contract upgrades and ownership transfers to provide the community ample time to review transactions before they are finalized.
However, acknowledging the sophistication of the breach, the company admits that even these newly implemented measures might not have been enough to prevent this attack.
Exploits in DeFi have surged at an alarming rate, as recent surveys with grim statistics indicate. According to PeckShield, there were over 20 hacks in September alone, leading to losses exceeding $120 million.
Moreover, another on-chain security firm, Hacken, reported that over $440 million stolen from crypto platforms in the third quarter of 2024 has been lost permanently.