{"id":17834,"date":"2024-10-17T10:55:24","date_gmt":"2024-10-17T07:55:24","guid":{"rendered":"https:\/\/forklog.com\/en\/radiant-capital-hacked-for-over-50-million\/"},"modified":"2024-10-17T10:55:24","modified_gmt":"2024-10-17T07:55:24","slug":"radiant-capital-hacked-for-over-50-million","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/radiant-capital-hacked-for-over-50-million\/","title":{"rendered":"Radiant Capital Hacked for Over $50 Million"},"content":{"rendered":"<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>The lending protocol Radiant Capital, backed by Binance Labs, suffered an attack amounting to over $50 million.\u00a0<\/li>\n<li>The hacker obtained private keys for three out of 11 signatures and altered smart contracts.<\/li>\n<\/ul>\n<\/div>\n<p>The lending protocol Radiant Capital was breached on the BNB Chain and Arbitrum networks. The team urged users to revoke permissions for affected contracts using the Revoke service.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Please revoke access to the following contracts on <a href=\"https:\/\/t.co\/JqPsJBBfNS\">https:\/\/t.co\/JqPsJBBfNS<\/a>. <\/p>\n<p>0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1<br \/>0x30798cFe2CCa822321ceed7e6085e633aAbC492F<br \/>0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281 <br \/>0xA950974f64aA33f27F6C5e017eEE93BF7588ED07 <a href=\"https:\/\/t.co\/x4l7J8UVeT\">https:\/\/t.co\/x4l7J8UVeT<\/a><\/p>\n<p>\u2014 Radiant Capital (@RDNTCapital) <a href=\"https:\/\/twitter.com\/RDNTCapital\/status\/1846673545973432333?ref_src=twsrc%5Etfw\">October 16, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Total losses exceeded $50 million, according to data from Ancilia.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">4\/ thanks for the update from replies. Seems like Arbitrum contract was hacked, too:<a href=\"https:\/\/t.co\/E7kLLavJ7C\">https:\/\/t.co\/E7kLLavJ7C<\/a><br \/>The total lost is > $50M now.<\/p>\n<p>\u2014 Ancilia, Inc. (@AnciliaInc) <a href=\"https:\/\/twitter.com\/AnciliaInc\/status\/1846618258163761551?ref_src=twsrc%5Etfw\">October 16, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cWe noticed several transfers from user accounts using transferFrom via contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281. Please revoke permissions as soon as possible. It seems the new implementation had vulnerable functions,\u201d noted Ancilia experts.<\/p>\n<\/blockquote>\n<p>The transferFrom exploit uses a smart contract function to allow one account to send a specified amount of tokens from the victim&#8217;s account to a third wallet. Typically, this requires the attacked party to grant permission to interact with a fake address.<\/p>\n<p>According to Ancilia, the backdoor contract was deployed around 20:09 Kyiv\/Moscow time on October 16.\u00a0<\/p>\n<h2 class=\"wp-block-heading\"><strong>You Were Supposed to Fight Evil<\/strong><\/h2>\n<p>Ancilia inadvertently shared a tool for stealing funds from cryptocurrency wallets in an attempt to assist users.\u00a0<\/p>\n<p>In a now-deleted tweet, the company posted a fraudulent link from a fake Radiant account, as noted by a user with the nickname Spreek.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">For fuck&#8217;s sake, if you are a &#8216;trusted&#8217; security account, you need to absolutely make sure to never do this <a href=\"https:\/\/t.co\/2jrpN7P00L\">pic.twitter.com\/2jrpN7P00L<\/a><\/p>\n<p>\u2014 Spreek (@spreekaway) <a href=\"https:\/\/twitter.com\/spreekaway\/status\/1846637474467975648?ref_src=twsrc%5Etfw\">October 16, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Ancilia asked users to revoke permissions by \u201cfollowing the link from the official message.\u201d In reality, it led to a tool for stealing funds.<\/p>\n<h2 class=\"wp-block-heading\"><strong>3 Out of 11 Signatures Compromised<\/strong><\/h2>\n<p>Cybersecurity firm De.Fi reported losses amounting to over $58 million.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">?~$58,000,000 Exploit Alert?<\/p>\n<p>Radiant Capital contracts were exploited on BSC &#038; ARB chains with the &#8216;transferFrom&#8217; function, which allowed to drain users&#8217; funds, namely <a href=\"https:\/\/twitter.com\/search?q=%24USDC&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$USDC<\/a> <a href=\"https:\/\/twitter.com\/search?q=%24WBNB&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$WBNB<\/a> <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a> and others<\/p>\n<p>\u26a0\ufe0fRevoke approvals ASAP?<br \/>0xd50cf00b6e600dd036ba8ef475677d816d6c4281 <a href=\"https:\/\/t.co\/oUHyshwEmL\">pic.twitter.com\/oUHyshwEmL<\/a><\/p>\n<p>\u2014 De.Fi Antivirus Web3 ?\ufe0f (@De_FiSecurity) <a href=\"https:\/\/twitter.com\/De_FiSecurity\/status\/1846624940440572405?ref_src=twsrc%5Etfw\">October 16, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Radiant is controlled by a multi-signature wallet with 11 signatories. The perpetrator apparently managed to obtain the private keys of three of them. This was sufficient to update the platform&#8217;s smart contracts, De.Fi highlighted.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Unfortunately, yes. <\/p>\n<p>However, this time, the nature of the hack is different \u2014 as in the first time, it was hacked via the flash loan; and now due to the fact that the hacker managed to get access to 3 signers \u2014 thus managed to transfer ownership and upgrade the contracts<\/p>\n<p>\u2014 De.Fi Antivirus Web3 ?\ufe0f (@De_FiSecurity) <a href=\"https:\/\/twitter.com\/De_FiSecurity\/status\/1846629116289659386?ref_src=twsrc%5Etfw\">October 16, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h2 class=\"wp-block-heading\"><strong>Binance Support<\/strong><\/h2>\n<p>In July 2023, the venture arm of the largest cryptocurrency exchange Binance invested $10 million in Radiant. The project was also <a href=\"https:\/\/www.binance.com\/en\/support\/announcement\/introducing-radiant-capital-rdnt-on-binance-launchpool-farm-rdnt-by-staking-bnb-and-tusd-5a2799614fe74897aa1c77d1100805c6\">launched<\/a> on Binance Launchpool.<\/p>\n<p>Reports of the platform&#8217;s breach led to a decline in the RDNT token price \u2014 it lost 10% in the past day.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXcu_wmyAaY-4Z2Lpi7nt1eZHXVMp9rzijowv1k6NK9G7gN6zUGkTW_5QpxV7ku4BwRBkxflhh6b2_KNPZq3lJQEyMccbyFecRGyPdEsIXUrMfnODZZv4CpiAl0h6zwEoT-ZCyLlTzdBb5EeBuwrSVsRdf5M?key=3tuvGRMkumBRlfpCn6nRKQ\" alt=\"Radiant Capital Hacked for Over $50 Million\"\/><figcaption class=\"wp-element-caption\">RDNT price chart. Data: <a href=\"https:\/\/coinmarketcap.com\/ru\/currencies\/radiant-capital\/\">CoinMarketCap<\/a>.<\/figcaption><\/figure>\n<p>Radiant is a cross-chain protocol offering the ability to borrow and lend cryptocurrency. In January, it <a href=\"https:\/\/rekt.news\/radiant-capital-rekt\/\">lost<\/a> $4.5 million in an attack.\u00a0<\/p>\n<p>As reported in the third quarter of 2024, losses in the crypto industry due to 155 cases of hacks, exploits, and fraud amounted to $753 million.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The lending protocol Radiant Capital, backed by Binance Labs, suffered an attack amounting to over $50 million.\u00a0 The hacker obtained private keys for three out of 11 signatures and altered smart contracts. The lending protocol Radiant Capital was breached on the BNB Chain and Arbitrum networks. The team urged users to revoke permissions for affected [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":17833,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1150],"class_list":["post-17834","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-news-plus"],"aioseo_notices":[],"amp_enabled":true,"views":"52","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/17834","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=17834"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/17834\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/17833"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=17834"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=17834"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=17834"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}