Radiant Capital $58M hack an expensive ‘lesson’ for DeFi

As a seasoned analyst with a background in cybersecurity and blockchain technology, I find myself both impressed and concerned by the recent events surrounding Radiant Capital’s Ethereum lending markets. On one hand, it is commendable that they have taken immediate action to improve their security infrastructure, including the implementation of timelock contracts, multisignature structures, and enhanced DAO security. These measures demonstrate a proactive approach to addressing vulnerabilities and a commitment to learning from past mistakes.


After a hack in which approximately $58 million worth of digital assets was lost, Radiant Capital has reopened its Ethereum lending markets.

On November 1st, the lending protocol disclosed that it had made enhancements across its system. Among these upgrades, ownership was transferred to a timelock contract, which imposes a mandatory 72-hour hold on any modifications. The Radiant Capital team stated that this measure strengthens the security of Radiant by adding an extra safety layer.

Radiant also introduced an emergency administrative role within the protocol. This role operates on a multisignature basis, so its actions must be validated by multiple parties before execution. Its primary function is to temporarily halt and resume the lending protocol’s markets when such action is deemed necessary.

Furthermore, the security of its Decentralized Autonomous Organization (DAO) has been enhanced: the DAO multisignature setup now has seven signers, and any four of them must sign for a change to be approved.

Multisignature wallets make cryptocurrency transactions more secure because several signatures are required before a transaction can be executed. This removes the single point of failure created by relying on just one private key.
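The following is an added example (not code from Radiant Capital or from the article) that simulates the two controls described above: an M-of-N multisignature approval step, using the 4-of-7 DAO threshold the article gives, and a timelock that enforces the 72-hour hold before a queued change can execute. The emergency admin is modelled as a separate 2-of-3 multisig whose pause action bypasses the timelock; that threshold, the signer names, the action names and the timestamps are all constructed for the illustration.

```python
"""Simulation of an M-of-N multisig, a 72-hour timelock and an emergency pause role.
Signer names, action names, the 2-of-3 emergency threshold and timestamps are constructed."""

HOLD_SECONDS = 72 * 3600  # the 72-hour hold described for the new timelock


class Multisig:
    """An action passes only once `threshold` DISTINCT signers have approved it."""

    def __init__(self, signers: list, threshold: int):
        if not 0 < threshold <= len(signers):
            raise ValueError("threshold must be between 1 and the number of signers")
        self.signers = set(signers)
        self.threshold = threshold
        self.approvals = {}  # action -> set of signers who approved it

    def approve(self, action: str, signer: str) -> bool:
        if signer not in self.signers:
            raise PermissionError(f"{signer} is not a configured signer")
        approved = self.approvals.setdefault(action, set())
        approved.add(signer)  # a set: one compromised key approving twice still counts once
        return len(approved) >= self.threshold


class Timelock:
    """Queued changes cannot execute until the hold period has elapsed."""

    def __init__(self, delay: int):
        self.delay = delay
        self.eta = {}  # action -> earliest execution time (unix seconds)

    def schedule(self, action: str, now: int) -> int:
        self.eta[action] = now + self.delay
        return self.eta[action]

    def execute(self, action: str, now: int) -> bool:
        eta = self.eta.get(action)
        if eta is None or now < eta:
            return False  # not queued, or still inside the hold window
        del self.eta[action]
        return True


class LendingMarket:
    """Pausing is the one time-critical action, so it is NOT routed through the timelock."""

    def __init__(self, emergency_admin: Multisig):
        self.emergency_admin = emergency_admin
        self.paused = False

    def request_pause(self, signer: str, paused: bool = True) -> bool:
        action = "pause" if paused else "unpause"
        if self.emergency_admin.approve(action, signer):
            self.paused = paused
            return True
        return False


def run_scenario() -> dict:
    # Constructed: a 4-of-7 DAO multisig (the article's threshold) and an assumed
    # 2-of-3 emergency admin (the article does not state that threshold).
    dao = Multisig([f"dao{i}" for i in range(1, 8)], threshold=4)
    market = LendingMarket(Multisig(["ops1", "ops2", "ops3"], threshold=2))
    lock = Timelock(HOLD_SECONDS)
    t0 = 1_730_000_000  # constructed starting timestamp

    # A single key cannot pass a DAO proposal alone, and re-using it does not help.
    single_key = dao.approve("raise-ltv", "dao1")
    same_key_again = dao.approve("raise-ltv", "dao1")
    # Three more distinct signers reach the 4-of-7 threshold.
    quorum = False
    for s in ("dao2", "dao3", "dao4"):
        quorum = dao.approve("raise-ltv", s)

    # Even an approved change must wait out the hold window before it executes.
    eta = lock.schedule("raise-ltv", t0)
    executed_early = lock.execute("raise-ltv", t0 + 24 * 3600)
    executed_on_time = lock.execute("raise-ltv", eta)

    # The emergency admin halts the market immediately once its own quorum is met.
    pause_first = market.request_pause("ops1")
    pause_second = market.request_pause("ops2")

    return {
        "single_key_passes": single_key,
        "same_key_twice_passes": same_key_again,
        "quorum_reached": quorum,
        "hold_seconds": eta - t0,
        "executed_early": executed_early,
        "executed_on_time": executed_on_time,
        "paused_after_one": pause_first,
        "paused_after_two": pause_second,
        "market_paused": market.paused,
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The point of the design is visible in the results: one key, used any number of times, never reaches quorum; an approved change still sits for the full 259,200-second hold, which is the window in which a community can notice and react to a malicious proposal; and only the pause path is allowed to act without delay.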

An expensive “lesson” for DeFi

Enhanced security measures have been implemented as a response to an exploit that resulted in approximately $50 million worth of digital assets being stolen. On October 16th, Radiant Capital temporarily suspended its lending markets after a cybersecurity incident affected both the BNB Chain and Arbitrum platforms.

Unauthorized individuals managed to seize command over multiple users’ private cryptographic keys and contract code. Consequently, these intruders were able to siphon off more than $50 million worth of digital assets from the system.

On October 18th, Radiant Capital publicly disclosed in a post-mortem analysis that hackers had managed to introduce malware into the devices of at least three key team members, gaining unauthorized access.

Radiant Capital stated that the devices had been covertly manipulated so that on the surface, the wallets showed valid transaction information, but hidden behind this facade, unauthorized transactions were secretly approved and carried out.

In an X post, security professional Patrick Collins described the incident as a “$50 million lesson” that the decentralized finance (DeFi) space needs to remember. Collins said an educational or tooling gap exists in verifying transactions using hardware wallets. 


Meanwhile, the Radiant Capital hacker has already moved about $52 million of the stolen funds from the incident. On Oct. 24, blockchain security firm PeckShield said that the exploiter had already moved “nearly all” of the stolen funds. 

Wallet signing issues in crypto

Cryptocurrency phishing scams have resulted in substantial losses of digital money, with one such incident on Aug. 21 resulting in $55 million worth of stablecoins being stolen when a large investor (a “whale”) unintentionally authorized a transaction that transferred control of the funds to hackers.

Incidents like these are why Ledger, a hardware wallet provider, has been advocating for transparent signing across the cryptocurrency sector. In an earlier interview with CryptoMoon, Ledger CEO Pascal Gauthier argued that the industry should move away from blind signing. To further this cause, Ledger has partnered with various entities on an initiative to educate the community about transparent signing and bring clarity and security to digital asset transactions.
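The gap Collins and Gauthier describe is that a compromised front-end can display one transaction while the wallet is asked to sign another. The added example below (not code from Ledger, Radiant or the article) shows what transparent signing has to do in practice: decode the raw calldata the device is about to sign and compare it against the signer's intent, rather than trusting the screen of the requesting machine. The four function selectors are the standard ERC-20 and Ownable ones; the addresses and amounts are constructed.

```python
"""Decode the raw calldata a wallet is asked to sign and check it against the signer's
intent. Addresses and amounts below are constructed; the selectors are the standard ones."""

# keccak256(signature)[:4] for common ERC-20 and Ownable functions
SELECTORS = {
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "23b872dd": ("transferFrom", ["address", "address", "uint256"]),
    "f2fde38b": ("transferOwnership", ["address"]),
}


def _strip0x(h: str) -> str:
    return h[2:] if h.startswith("0x") else h


def encode_call(name: str, args: list) -> str:
    """ABI-encode a call to one of the functions in SELECTORS (static types only)."""
    selector, types = next((sel, t) for sel, (n, t) in SELECTORS.items() if n == name)
    if len(args) != len(types):
        raise ValueError("argument count does not match the function signature")
    out = bytes.fromhex(selector)
    for typ, arg in zip(types, args):
        if typ == "address":
            out += bytes(12) + bytes.fromhex(_strip0x(arg))  # left-pad 20 bytes to a 32-byte word
        else:
            out += int(arg).to_bytes(32, "big")
    return "0x" + out.hex()


def decode_calldata(calldata: str) -> dict:
    """Return the function name and decoded arguments, or mark the selector unknown."""
    data = bytes.fromhex(_strip0x(calldata))
    selector = data[:4].hex()
    if selector not in SELECTORS:
        return {"function": "unknown", "selector": selector, "args": []}
    name, types = SELECTORS[selector]
    if len(data) != 4 + 32 * len(types):
        raise ValueError("calldata length does not match the function signature")
    args = []
    for i, typ in enumerate(types):
        word = data[4 + 32 * i: 36 + 32 * i]
        if typ == "address":
            if any(word[:12]):
                raise ValueError("address word has non-zero padding")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return {"function": name, "args": args}


def matches_intent(calldata: str, function: str, counterparty: str, max_amount: int) -> tuple:
    """Transparent-signing check: does the payload do what the signer believes it does?"""
    decoded = decode_calldata(calldata)
    if decoded["function"] != function:
        return False, f"payload calls {decoded['function']}, expected {function}"
    addresses = [a for a in decoded["args"] if isinstance(a, str)]
    amounts = [a for a in decoded["args"] if isinstance(a, int)]
    if counterparty.lower() not in (a.lower() for a in addresses):
        return False, "counterparty address does not match"
    if any(a > max_amount for a in amounts):
        return False, "amount exceeds what was intended"
    return True, "ok"


def run_checks() -> dict:
    intended_to = "0x" + "aa" * 20  # constructed recipient
    amount = 100 * 10**18           # 100 tokens with 18 decimals
    honest = encode_call("transfer", [intended_to, amount])
    # Constructed: a payload that instead grants unlimited spending to another address,
    # the kind of substitution the check is meant to surface before anything is signed.
    substituted = encode_call("approve", ["0x" + "bb" * 20, 2**256 - 1])
    return {
        "honest": matches_intent(honest, "transfer", intended_to, amount),
        "substituted": matches_intent(substituted, "transfer", intended_to, amount),
        "substituted_function": decode_calldata(substituted)["function"],
    }


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(f"{key}: {value}")
```

The check deliberately refuses anything it cannot fully decode: an unknown selector, a length mismatch or non-zero padding in an address word all mean the device cannot tell the signer what they are approving, which is exactly the blind-signing situation the article warns about.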


2024-11-01 13:06