Radiant Capital, a leading DeFi platform, has announced an ongoing collaboration with US law enforcement and Web3 security experts to recover over $50 million stolen in a recent hack.
In a detailed report released on Oct. 18, Radiant described the breach as one of the most complex hacks ever seen in DeFi. The team also warned that similar vulnerabilities could affect other protocols.
Post-mortem report
According to the report, the attackers used sophisticated malware to compromise the hardware wallets of at least three developers.
This malware obscured the front-end of Safe{Wallet} (previously known as Gnosis Safe), making the developers believe they were signing legitimate transactions while, in reality, malicious transactions were happening in the background.
Notably, the attack coincided with Radiant’s regular emissions adjustment process to respond to shifting market conditions. Despite thorough security checks, including manual reviews and Tenderly simulations, no suspicious activity was flagged during the process.
However, what made the attack particularly alarming was its stealth. The hackers took advantage of Safe App’s common transaction resubmission feature, often triggered by network congestion or gas price fluctuations.
They mimicked typical transaction errors to gather multiple signatures undetected. Once they had the necessary signatures, they executed the “transferOwnership” function, seizing control of Radiant’s lending pools.
The exploit targeted both Binance Smart Chain (BSC) and Arbitrum networks, allowing the attackers to manipulate the “transferFrom” function within the smart contracts. This enabled them to drain funds from users who had previously granted permission to Radiant’s lending pools.
Radiant Capital’s response
As part of their immediate security overhaul, the team has generated new cold wallet addresses for each team member using a secure, uncompromised device.
Additionally, security around Radiant’s Admin and DAO multisig wallets has been tightened. The number of signers was reduced to seven, with a new rule requiring four out of seven signatures to approve any transaction. This change ensures that 60% of signers must validate any transaction before it proceeds.
Further, to protect against future attacks, all contract updates and ownership transfers will now be delayed by at least 72 hours. This delay, enforced by timelock contracts, provides both the Radiant community and its developers ample time to review any proposed changes before they take effect.
Radiant Capital also outlined measures to help safeguard other protocols from similar threats. These include adopting more stringent signature verification processes, using separate devices to check transaction data, avoiding blind signing of critical transactions, and implementing audits triggered by error messages to catch vulnerabilities early.
The post Radiant Capital teams with US law enforcement after $50M DeFi hack appeared first on CryptoSlate.
