Radiant Capital has published a detailed analysis of the October 16 exploit that resulted in the loss of more than $50 million in user funds.
According to the post-mortem, the attacker used highly sophisticated malware to tamper with transactions, allowing them to steal funds during what appeared to be a routine multi-signature signing process.
Attack methodology exploited common errors
It all started when the hacker compromised hardware wallets belonging to three of the protocol’s core developers and injected them with malware that mimicked legitimate transactions. While the developers were signing what they believed were routine broadcast adjustments, the malware was executing unauthorized transactions in the background.
Radiant Capital reiterated that its contributors followed standard operating procedures to the letter throughout the process. Each transaction was simulated for accuracy on Tenderly, a Web3 infrastructure platform, and individually reviewed at every signing stage.
Despite these multiple layers of verification, front-end controls showed no visible signs of anomaly, even as the malware infiltrated the protocol’s systems.
What also stands out in the company’s assessment is how the attacker took advantage of common transaction failures to execute the hack. They used wallet resubmissions, often caused by gas price fluctuations or network congestion, as a cover to collect private keys, while maintaining a semblance of normalcy.
The perpetrator then took control of certain smart contracts and ultimately siphoned off millions of dollars’ worth of cryptocurrencies, including USDC, Wrapped BNB (wBNB), and Ethereum (ETH).
Reported figures for the amount stolen range from $50 million to $58 million, depending on the source. The decentralized finance (DeFi) platform itself cited the lower figure in its accounting of the incident.
FBI asked to help recover stolen funds
In the report, the cross-chain lender said it was working closely with US law enforcement agencies, including the FBI, as well as cybersecurity firms SEAL911 and ZeroShadow to track stolen crypto.
Additionally, as a precautionary measure, it advised users to revoke approvals on all chains, including Arbitrum, BSC, and Base. This step responds to the exploiter capitalizing on open approvals to drain funds from accounts.
Radiant Capital also created new cold wallets and adjusted signing thresholds to improve platform security. Likewise, it introduced a mandatory 72-hour delay for all contract upgrades and transfers of ownership, intended to give the community enough time to verify transactions before final execution.
However, given the level of sophistication of the breach, the company admitted that even these measures might not have prevented the attack.
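The two procedural gaps the post-mortem describes (privileged calls being signed as if routine, and resubmissions that differ from the original) can be checked mechanically on the raw calldata a signer is about to approve. The following is an added example written for this article, not code from Radiant Capital; it hard-codes the well-known 4-byte selectors for `transferOwnership`, `upgradeTo` and `approve`, assumes standard ABI encoding, and uses constructed placeholder addresses and transactions.

```python
from dataclasses import dataclass

# Well-known 4-byte selectors (first 4 bytes of keccak256 of the signature),
# hard-coded so the check runs offline with no RPC or hashing library.
PRIVILEGED = {
    "f2fde38b": "transferOwnership(address)",
    "3659cfe6": "upgradeTo(address)",
    "095ea7b3": "approve(address,uint256)",
}
UINT256_MAX = (1 << 256) - 1


@dataclass(frozen=True)
class Tx:
    """Minimal view of an EIP-1559 transaction as a multisig signer sees it."""
    to: str
    value: int
    data: str          # hex calldata, optional 0x prefix
    nonce: int
    gas: int
    max_fee: int
    max_priority_fee: int


def decode_call(data: str):
    """Split calldata into (selector hex, list of 32-byte argument words)."""
    raw = bytes.fromhex(data[2:] if data.startswith("0x") else data)
    if len(raw) < 4 or (len(raw) - 4) % 32:
        raise ValueError("malformed calldata")
    return raw[:4].hex(), [raw[i:i + 32] for i in range(4, len(raw), 32)]


def review_flags(tx: Tx) -> list:
    """Reasons this tx must NOT be signed as routine; empty list means nothing flagged."""
    selector, words = decode_call(tx.data)
    flags = []
    name = PRIVILEGED.get(selector)
    if name in ("transferOwnership(address)", "upgradeTo(address)"):
        # Address is the low 20 bytes of the first word; these calls go through the 72h delay.
        flags.append(f"{name} -> 0x{words[0][12:].hex()}: requires 72h timelock review")
    elif name == "approve(address,uint256)" and int.from_bytes(words[1], "big") == UINT256_MAX:
        flags.append(f"unlimited approval to 0x{words[0][12:].hex()}")
    return flags


def is_pure_resubmission(original: Tx, resubmitted: Tx) -> bool:
    """A legitimate fee bump keeps to/value/data/nonce identical; only gas fields may change."""
    key = lambda t: (t.to, t.value, t.data, t.nonce)
    return key(original) == key(resubmitted)
```

The check runs on the bytes actually being signed, so it complements rather than replaces the hardware-wallet display and simulation review the article describes.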
DeFi exploits have been growing at an alarming rate, and a few recent surveys paint a bleak picture. According to PeckShield, more than 20 hacks took place in September, resulting in losses of more than $120 million.
Additionally, another blockchain security company, Hacken, announced that over $440 million stolen from crypto platforms in Q3 2024 has been lost forever.