The exploit impacted Radiant's lending markets on Binance Chain and Arbitrum, prompting a pause in market operations.
Radiant Capital, a decentralized finance (DeFi) lender, reported a significant security breach across multiple blockchain networks, resulting in substantial financial losses. On Wednesday, unidentified attackers exploited vulnerabilities in Radiant's blockchain contracts on both the Binance Smart Chain (BSC) and Arbitrum platforms.
This breach allowed the perpetrators to siphon off digital assets, including USD Coin (USDC), Wrapped BNB (WBNB), and Ethereum (ETH), totaling over $50 million.
According to web3 security startup Ancilia, the attack targeted the 'transferFrom' function within the blockchain contracts. This vulnerability allowed the attackers to initiate unauthorized transactions from user accounts, which led to the direct theft of USDC, WBNB, and ETH from Radiant's liquidity pools.
The firm, however, noted that the exploitation of this function could have been mitigated with more security measures and timely audits of contract changes.
Additionally, reports indicate that three of the eleven private keys responsible for securing and upgrading Radiant's protocols were compromised. The security experts are investigating how these keys were accessed, with initial theories suggesting a possible phishing attack against key holders or a malware-infected interface used by the holders.
In response to the breach, Radiant Capital has paused all operations on its Binance Chain and Arbitrum lending markets. The organization is collaborating with blockchain security firms, including SEAL911 and Hypernative, to address the vulnerabilities and prevent future incidents.
Radiant has also urged its users to revoke suspicious approvals on their accounts and temporarily halted new transactions.
The community reaction has been one of concern, as similar exploits have plagued the DeFi space in recent months. The loss at Radiant Capital raises questions about the efficacy of current security practices in safeguarding user funds.
Moreover, experts suggest that multi-signature wallets, although used by Radiant Capital, require stricter controls and real-time monitoring to prevent unauthorized access. Similarly, adopting more advanced measures and regular third-party audits will boost defenses against such ETH, WBNB, and USDC losses.