Multi-chain money market Radiant Capital was exploited for at least $48 million in what is suspected to be an access control breach, according to initial reports from security firm Hacken.
The DeFi protocol’s native token RDNT crashed 7% after the news and is still down just over 5% in the past 24 hours, trading at $0.067 at press time.
The attack appears to have involved the compromise of Radiant Capital’s MultiSig wallet, a security feature typically used to enhance protection by requiring multiple approvals for transactions.
The attackers took control of the platform’s Pool Provider contract and transferred its ownership to a malicious contract. This allowed them to withdraw large amounts of assets from the platform’s liquidity pools on Binance Smart Chain (BSC) and Arbitrum.
As a result, the lending pools on both chains were drained, and the exploiter made off with tokens including Wrapped Ether (WETH), Wrapped Bitcoin (WBTC), Arbitrum (ARB), USD Coin (USDC) and Tether USD (USDT).
Hacken advised users to immediately revoke any approval they had given to Radiant Capital to prevent further unauthorized access to their funds.
Hacken also reported that the malicious contract used in the attack was deployed 14 days ago, suggesting that the exploiter had been planning the heist for more than two weeks. This was the attacker’s second attempt: a first attempt on October 10 failed. The security firm reiterated that users must revoke approvals granted to Radiant Capital to prevent further unauthorized access to their assets.
Tony Ke, head of security engineering at FuzzLand, recommended users revoke approvals on Ethereum and Base as well, although Radiant has not been confirmed to have been compromised on those chains.
Notably, the amount drained represents more than half of the $75.5 million in total value locked (TVL) recorded by Radiant Capital, according to data from DefiLlama.
Low signatory threshold
Mudit Gupta, CISO at Polygon Labs, called the exploit a “key management failure.” Indeed, Radiant Capital used a multi-signature wallet with 11 authorized signatories, but only required 3 signatures to approve changes to its contracts.
An X user identified as 0xBoboShanti also questioned the low signature threshold, which represents less than 30% of the total number of signatories.
This is the second exploit suffered by Radiant in 2024 after an attacker used a flash loan-based exploit to drain $4.5 million from the protocol in January.
Radiant lost up to 37% of its TVL in the three weeks after the flash loan exploit. Although it recovered most of it by March, the amount of funds locked in the protocol has declined in each subsequent month, leaving Radiant down 75% in TVL year-to-date.