Radiant Capital Hack: $50 Million Lost, Multisig Flaws Revealed

The DeFi world has been rocked to its core. Radiant Capital has suffered a massive security breach, losing over $50 million from its markets on the Binance Smart Chain (BSC) and Arbitrum networks. The hack, initially reported by blockchain security firm Ancilia, exploited misconfigurations in Radiant’s smart contracts, allowing attackers to bypass security measures.

How Did the Attack Happen?

The breach was traced to a vulnerability in Radiant Capital’s protocol, specifically targeting a backdoor in the system. The attackers exploited a weakness in the multisignature (multisig) wallet configuration, which allowed transactions to be authorized with just three out of the 11 required signatures.

This flaw enabled the hackers to gain control of the minimum number of signers needed to take over the wallet and execute the heist.

Radiant Capital confirmed the incident, disclosing that its lending markets on Binance and Arbitrum had been compromised. The stolen assets included major cryptocurrencies such as USDT, USDC, and ARB tokens. Initial estimates placed the total losses at $50 million, raising concerns over the platform’s security practices.

Multisig Security Under Fire

The incident has sparked criticism within the crypto community, with many questioning Radiant’s choice of security measures. The use of a three-out-of-eleven multisig setup for a platform handling significant funds is being scrutinized, with calls for stronger protections to prevent similar exploits in the future.

Experts are debating whether more robust security protocols should have been in place to deter such an attack.

• Also Read :
•   Hong Kong Police Busts $46M Deepfake Crypto Fraud Operation
• ,

Immediate Response

After the hack, Radiant Capital put claims on its markets on Ethereum and Base layer-2 networks and asked the users to take back the permissions they granted to the protocol’s smart contracts. Users with such exposure are encouraged to review their accounts via Revoke. Cash is a platform that searches for such prevalent dangers.

Radiant is actively cooperating with security firms, including SEAL911 and Chainalysis, to trace the unidentified hackers and recover the stolen assets. The investigation is ongoing, with efforts focused on tracking the funds and identifying the criminals.

The Radiant Capital hack is a wake-up call for the entire crypto community. It’s time to reevaluate our approach to security and prioritize the protection of our funds.