Major cross-chain lending protocol Radiant Capital has shut its lending markets due to a critical security vulnerability that saw losses of over $50 million.
Major cross-chain lending protocol Radiant Capital has shut its lending markets due to a critical security vulnerability that saw losses of over $50 million combined on the BNB Chain and Arbitrum. The incident, confirmed by cybersecurity experts, once again underlines concerns about the vulnerability of multi-signature wallet systems in blockchain protocols.
According to Web3 security firm De.Fi Antivirus, the attack utilized Radiant Capital's 'transferFrom' function to allow for an unauthorized withdrawal of various cryptocurrencies including USDC, WBNB, and ETH. Initial estimates from De.Fi peg the total losses at around $58 million, though cybersecurity firm Ancilia Inc. quotes a figure closer to $50 million.
Among the first to respond to the breach was Radiant Capital, which immediately announced the suspension of its markets on Base and Mainnet networks. The protocol has enlisted the services of various security firms including SEAL911, Hypernative, ZeroShadow, and Chainalysis to investigate the incident and put recovery measures in place.
The attack vector appears to have involved Radiant's multi-signature wallet system, where the attacker allegedly accessed several signers' private keys and then took over several smart contracts. Pop Punk, the pseudonymous co-founder of token launch platform g8keep, likened the attack to a "school bully stealing lunch money," emphasizing the severity of the security vulnerability.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators.
This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice.
The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
