Ranking
Categories
Historical Snapshots
Token unlocks
Yield
Trending
Upcoming
Recently Added
Gainers & Losers
Most Visited
Community Sentiment
Chain Ranking
Market Overview
CoinMarketCap 100 Index
Fear and Greed Index
Altcoin Season Index
Bitcoin Dominance
Crypto ETFs
Overall NFT Stats
Upcoming Sales
New Pairs
Trending Pairs
Meme Explorer
Gainers & Losers
Community Votes
Top Traders
Spot
Derivatives
Spot
Derivatives
Feeds
Topics
Lives
Articles
Converter
Newsletter
CMC Labs
Telegram Bot
Advertise
Crypto API
Site Widgets
Airdrops
Diamond Rewards
Learn & Earn
ICO Calendar
Events Calendar
Academy
Research
Videos
Glossary
Radiant Capital, a decentralized lending protocol, has suffered a massive cyberattack, losing more than $50 million in digital assets. The attack, which occurred across Binance's BNB Chain and Ethereum's layer-2 Arbitrum network, marks the second significant exploit the platform has faced this year, further raising concerns about the security of decentralized finance (DeFi) platforms.
The Incident Unfolds
The attack was first reported on Wednesday by blockchain security firm Ancilia Inc., which flagged suspicious activity involving Radiant Capital's smart contracts on BNB Chain. Initial reports showed approximately $16 million being drained from the platform on BNB. Shortly after, assets were also siphoned from Radiant's liquidity pools on Arbitrum. Another security firm, Hacken, later confirmed that the total stolen assets, including USDT, USDC, and ARB, amounted to nearly $50 million.
Radiant Capital acknowledged the issue on X (formerly Twitter), stating, "We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum," and assured users they were working with blockchain security teams SEAL911, Hypernative, ZeroShadow, and Chainalysis to investigate the breach.
How the Attack Happened
According to Web3 security firm De.Fi, the attackers managed to exploit Radiant's smart contracts through the 'transferFrom' function, allowing them to drain user funds. Radiant operates using a multi-signature (multisig) wallet system, requiring 11 signers to authorize any protocol upgrades. The attackers somehow obtained three of these private keys, which gave them enough control to modify the smart contracts and carry out the attack.
While the exact method by which the private keys were compromised remains unclear, some experts in the Ethereum security community have speculated that it may have resulted from a front-end attack. This type of exploit could have deceived legitimate key-holders into interacting with a malicious interface, thereby granting the attacker access to the protocol.
Radiant’s response included pausing its markets on Ethereum and the layer-2 network Base while urging users to revoke their smart contract permissions as a safety measure. The platform also directed users to the Revoke.Cash service to check if they were at risk.
Not the First Incident
This latest exploit isn't the first time Radiant Capital has been targeted. Earlier in January, the protocol lost $4.5 million in a separate flash loan-based attack on Arbitrum due to a bug in its smart contracts. The recurrent breaches underline the vulnerabilities in DeFi systems, where even protocols designed to be capital-efficient and secure are regularly targeted by sophisticated hackers.
The Broader Impact
Radiant Capital operates as a decentralized autonomous organization (DAO) and describes its mission as unifying fragmented liquidity across Web3's various money markets into one seamless, omnichain platform. Despite its ambitious goals, repeated security incidents could undermine confidence in Radiant and similar DeFi projects. The need for more robust security frameworks is evident as hackers continuously exploit weak points in decentralized systems.
This breach, resulting in such a significant financial loss, highlights the risks for users engaging with DeFi platforms. Although Radiant and its team are working to address the issue, the full extent of the damage—both financial and reputational—is still unfolding.
Conclusion
The $50 million exploit on Radiant Capital has rattled the DeFi community once again, raising serious concerns about the security of blockchain protocols and the safeguarding of user funds. With two major hacks in less than a year, Radiant faces an uphill battle to restore trust. The incident serves as a reminder of the critical need for constant vigilance and improved security mechanisms in the rapidly evolving world of decentralized finance.
This story is still developing, and Radiant Capital has yet to provide a detailed explanation of how the attackers obtained access to the private keys. Until the investigation concludes, users are advised to stay alert and take appropriate measures to protect their assets.