OP Yesterday - 02:03 PM
The Binance Labs-backed Radiant Capital lending protocol has been hacked for over $50 million.
The hacker obtained the private keys of three of the 11 signatures and modified the smart contracts.
The Radiant Capital lending protocol was hacked on the BNB Chain and Arbitrum networks. The team has called for the affected contracts to be revoked using the Revoke service.
Please revoke access to the following contracts on https://t.co/JqPsJBBfNS .
0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1
0x30798cFe2CCa822321ceed7e6085e633aAbC492F
0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281
0 xA950974f64aA33f27F6C5e017eEE93BF7588ED07 https://t.co/x4l7J8UVeT
— Radiant Capital (@RDNTCapital) October 16, 2024
![[Image: Capture-d-cran-2024-10-17-135920.png]](https://i.ibb.co/JR4fDkV/Capture-d-cran-2024-10-17-135920.png)
The total amount of losses exceeded $50 million, according to Ancilia data.
4/ thanks for the update from replies. Seems like Arbitrum contract was hacked, too: https://t.co/E7kLLavJ7C
The total lost is > $50M now.
- Ancilia, Inc. (@AnciliaInc) October 16, 2024
![[Image: Capture-d-cran-2024-10-17-140027.png]](https://i.ibb.co/wYDWf0z/Capture-d-cran-2024-10-17-140027.png)
"We have noticed several transfers from user accounts using transferFrom via contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281. Please revoke permissions as soon as possible. It appears that the new implementation had vulnerable functions," Ancilia experts noted.
The transferFrom exploit uses a smart contract feature to allow one account to send a certain amount of tokens from a victim account to a third wallet. Typically, this requires the victim to give permission to interact with the fake address.
According to Ancilia, the backdoor contract was deployed at approximately 20:09 Kyiv/MSK on October 16.
You were supposed to fight evil
Ancilia accidentally shared a tool for stealing funds from cryptocurrency wallets in an attempt to help users.
In a now-deleted tweet, the company posted a fraudulent link from a fake account called Radiant, a user with the nickname Spreek noted.
For fuck's sake, if you are a 'trusted' security account, you need to absolutely make sure to never do this pic.twitter.com/2jrpN7P00L
— Spreek (@spreekaway) October 16, 2024
![[Image: Capture-d-cran-2024-10-17-140141.png]](https://i.ibb.co/ckWt18J/Capture-d-cran-2024-10-17-140141.png)
Ancilia asked users to revoke permissions by “following a link in an official message.” In reality, it led to a tool for stealing funds.
3 out of 11 signatures were hacked.
Cybersecurity firm De.Fi reported losses of more than $58 million.
~$58,000,000 Exploit Alert
Radiant Capital contracts were exploited on BSC & ARB chains with the 'transferFrom' function, which allowed to drain users' funds, namely $USDC $WBNB $ETH and others
Revoke approvals ASAP
0xd50cf00b6e600dd036ba8ef475677d816d6c4281 pic.twitter.com/oUHyshwE mL
— De.Fi Antivirus Web3 (@De_FiSecurity) October 16, 2024
![[Image: Capture-d-cran-2024-10-17-140232.png]](https://i.ibb.co/cwqddgP/Capture-d-cran-2024-10-17-140232.png)
Radiant is controlled by a multi-signature wallet with 11 signatories. The attacker was apparently able to obtain the private keys of three of them. This was enough to update the platform's smart contracts, De.Fi emphasized.
Unfortunately, yes.
However, this time, the nature of the hack is different — as in the first time, it was hacked via the flash loan; and now due to the fact that the hacker managed to get access to 3 signers - thus managed to transfer ownership and upgrade the contracts
- De.Fi Antivirus Web3 (@De_FiSecurity) October 16, 2024
![[Image: Capture-d-cran-2024-10-17-140320.png]](https://i.ibb.co/sPpGGZZ/Capture-d-cran-2024-10-17-140320.png)
Binance Support
In July 2023, the venture arm of the largest crypto exchange Binance invested $10 million in Radiant. The project was also launched on Binance Launchpool.
Reports of a hack on the platform led to a drop in the RDNT token rate - it has lost 10% over the past 24 hours.
Radiant is a cross-chain protocol that offers the ability to borrow and lend cryptocurrency. In January, it lost $4.5 million as a result of an attack.
The hacker obtained the private keys of three of the 11 signatures and modified the smart contracts.
The Radiant Capital lending protocol was hacked on the BNB Chain and Arbitrum networks. The team has called for the affected contracts to be revoked using the Revoke service.
Please revoke access to the following contracts on https://t.co/JqPsJBBfNS .
0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1
0x30798cFe2CCa822321ceed7e6085e633aAbC492F
0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281
0 xA950974f64aA33f27F6C5e017eEE93BF7588ED07 https://t.co/x4l7J8UVeT
— Radiant Capital (@RDNTCapital) October 16, 2024
The total amount of losses exceeded $50 million, according to Ancilia data.
4/ thanks for the update from replies. Seems like Arbitrum contract was hacked, too: https://t.co/E7kLLavJ7C
The total lost is > $50M now.
- Ancilia, Inc. (@AnciliaInc) October 16, 2024
"We have noticed several transfers from user accounts using transferFrom via contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281. Please revoke permissions as soon as possible. It appears that the new implementation had vulnerable functions," Ancilia experts noted.
The transferFrom exploit uses a smart contract feature to allow one account to send a certain amount of tokens from a victim account to a third wallet. Typically, this requires the victim to give permission to interact with the fake address.
According to Ancilia, the backdoor contract was deployed at approximately 20:09 Kyiv/MSK on October 16.
You were supposed to fight evil
Ancilia accidentally shared a tool for stealing funds from cryptocurrency wallets in an attempt to help users.
In a now-deleted tweet, the company posted a fraudulent link from a fake account called Radiant, a user with the nickname Spreek noted.
For fuck's sake, if you are a 'trusted' security account, you need to absolutely make sure to never do this pic.twitter.com/2jrpN7P00L
— Spreek (@spreekaway) October 16, 2024
Ancilia asked users to revoke permissions by “following a link in an official message.” In reality, it led to a tool for stealing funds.
3 out of 11 signatures were hacked.
Cybersecurity firm De.Fi reported losses of more than $58 million.
~$58,000,000 Exploit Alert
Radiant Capital contracts were exploited on BSC & ARB chains with the 'transferFrom' function, which allowed to drain users' funds, namely $USDC $WBNB $ETH and others
Revoke approvals ASAP
0xd50cf00b6e600dd036ba8ef475677d816d6c4281 pic.twitter.com/oUHyshwE mL
— De.Fi Antivirus Web3 (@De_FiSecurity) October 16, 2024
Radiant is controlled by a multi-signature wallet with 11 signatories. The attacker was apparently able to obtain the private keys of three of them. This was enough to update the platform's smart contracts, De.Fi emphasized.
Unfortunately, yes.
However, this time, the nature of the hack is different — as in the first time, it was hacked via the flash loan; and now due to the fact that the hacker managed to get access to 3 signers - thus managed to transfer ownership and upgrade the contracts
- De.Fi Antivirus Web3 (@De_FiSecurity) October 16, 2024
Binance Support
In July 2023, the venture arm of the largest crypto exchange Binance invested $10 million in Radiant. The project was also launched on Binance Launchpool.
Reports of a hack on the platform led to a drop in the RDNT token rate - it has lost 10% over the past 24 hours.
Radiant is a cross-chain protocol that offers the ability to borrow and lend cryptocurrency. In January, it lost $4.5 million as a result of an attack.
![[Image: Nuttela-Signature.gif]](https://i.ibb.co/VT79K5v/Nuttela-Signature.gif)
![[Image: Sig.png]](https://i.ibb.co/xh4Mcd3/Sig.png)
![[Image: PeAsULK.gif]](https://i.imgur.com/PeAsULK.gif)
![[Image: who.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fstatic.cracked.io%2Fimages%2Fsmilies%2Fwho.png)
![[Image: monkayes.gif]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fstatic.cracked.io%2Fimages%2Fsmilies%2Fmonkayes.gif)