By: Isha Das
In a concerning development for the decentralized finance sector, Radiant Capital, a renowned multichain money market, has suffered a major security breach across the BNB Chain and Arbitrum, resulting in losses exceeding $50 million. The breach, which has brought intensified scrutiny to DeFi security protocols, saw the manipulation of Radiant Capital's key security measures. It is the second significant exploit the platform has faced this year, following a previous $4.5 million flash loan-based breach.
The exploit involved unauthorized access to Radiant Capital's multisig wallet, a high-security feature that requires multiple approvals for transactions. The attackers managed to gain control over the platform's Pool Provider contract, transferring its ownership to a malicious account. Control of the Pool Provider contract allowed the attacker to drain substantial amounts from liquidity pools on both Binance Smart Chain and Arbitrum. As a consequence, a wide array of tokens, including Wrapped Ether (WETH), Wrapped Bitcoin (WBTC), Arbitrum (ARB), USD Coin (USDC), and Tether USD (USDT), was drained.
Security experts, such as the team from Hacken, were quick to warn users to immediately revoke any permissions granted to Radiant Capital's smart contracts to secure their funds from further attacks. Notably, it was revealed that the malicious contract used in this exploit was deployed approximately 14 days before the attack, indicating that the attackers had planned it in advance. The incident comes after a failed attempt by the hackers on October 10, which was identified and reported by blockchain security specialists.
This breach highlights potential vulnerabilities in Radiant Capital's multi-signature wallet setup. Criticism has been aimed at the use of a low signer threshold, which required only three of the eleven authorized signatures for contract alterations. This aspect of the platform's security protocol has been flagged as a key management failure by experts like Mudit Gupta, CISO at Polygon Labs. Following this exploit, Radiant Capital has seen a significant reduction in its total value locked, which has plummeted from its initial figures. As security experts and the DeFi community call for stronger protocol protection, the incident underlines the essential need for robust security measures in the DeFi space.