Decentralized Finance (DeFi) Project Radiant Capital said earlier this week that teams investigating the breach “believe this is one of the most sophisticated hacks ever recorded in DeFi” and that “multiple protocols are vulnerable.”
Radiant and Web3 auditor Hacken put the estimated value of the theft at $50 million, and that's what it's supposed to be. USDT, USDCAnd ARB tokens are stolen.
This sum includes at least $16 million drained from Radiant's smart contract on the BNB Chain, as well as funds stolen from some of Radiance's trading pools via the Ethereum Layer-2 network Arbitrum Hacken.
Radiant's platform aims to provide liquidity across multiple blockchain protocols, allowing users to deposit and borrow assets.
In the hack
In a blog post explaining the attack, Radiant said the hackers successfully killed at least three developers. Hardware bagsEven if you can't say the exact number.
The Radiant hackers then used malware to manipulate transaction data at the device level and use “poisoned signatures” to appear legitimate to the signers who authorized the transaction.
The hackers allegedly used three multi-signature authentications to transfer crypto to the wallets they controlled.
Radiant explained that the affected developers were all “long-standing, trusted contributors.” Dao.
Radiant said the attack used a sophisticated technique that used the popular Ethereum multisig wallet Safe{Wallet} for transaction verification, where Radiant developers were presented with legitimate-looking transactions.
The project said hackers were able to bypass multiple layers of authentication, including the full-stack Web3 interface Tenderly and other auditing tools.
Radiant Capital said it is working with US law enforcement and Web3 cybersecurity firm ZeroShadow to freeze the stolen assets and recover the money.
The project said it is taking a number of steps to prevent future breaches, such as requiring contributors to double-check transaction data for each transaction using analytics platform Eterscan.
In addition, contract amendments and ownership transfers will now be subject to a minimum 72-hour delay to give developers enough time to review and confirm changes.
Although Radiance's latest disaster is said to be one of the most sophisticated hacks in DeFi history, it is by no means the biggest.
In May 2022, Ronin's network, the play-to-find game Axie Infinity, suffered a $625 million loss at the hands of hackers.
Daily Debrief Newspaper
Start every day with top news stories, plus original features, podcasts, videos and more.
