Radiant Capital, a DeFi protocol, recently fell victim to another exploit, losing a staggering $48 million in the process. This incident marks the second attack on the platform this year, raising concerns about the security measures in place.
According to reports from security firm Hacken, hackers were able to take control of Radiant Capital’s Pool Provider contract, transferring ownership to a malicious contract. This breach allowed the attackers to withdraw significant amounts of assets from the platform’s liquidity pools on Binance Smart Chain (BSC) and Arbitrum.
As a result of the exploit, tokens such as Wrapped Ether (WETH), Wrapped Bitcoin (WBTC), Arbitrum (ARB), USD Coin (USDC), and Tether USD (USDT) were drained from the lending pools created on both chains. The attackers managed to flee with these assets, leaving users concerned about the security of their funds.
Hacken has advised users to revoke any approvals they had granted to Radiant Capital to prevent further unauthorized access to their funds. The security firm also revealed that the malicious contract used in the attack was deployed 14 days prior, indicating that the attackers had been planning this heist for over two weeks.
This incident highlights a key management failure on the part of Radiant Capital, as the platform used a multi-signature wallet with 11 authorized signers but only required 3 signatures to approve changes to its contracts. This low signer threshold raised questions about the platform’s security practices and left users vulnerable to such exploits.
Furthermore, this is not the first time Radiant Capital has been targeted by hackers. Earlier in the year, the platform experienced a flash loan-based exploit that resulted in a loss of $4.5 million. Despite efforts to recover the funds, Radiant Capital saw a significant decrease in total value locked (TVL) over the following months, losing 75% of its TVL year-to-date.
The impact of this exploit on Radiant Capital’s reputation and the trust of its users remains to be seen. It is crucial for DeFi platforms to prioritize security and implement robust measures to protect user funds from such malicious attacks in the future.
