As a researcher with years of experience in the cryptocurrency industry, I find myself deeply concerned by the recent breach at Radiant Capital. Having witnessed numerous cybersecurity incidents in the past, I can attest that this is yet another grim reminder of the challenges we face in ensuring security within the blockchain ecosystem.
Following a significant cybersecurity breach that led to losses exceeding $50 million in its cross-chain lending protocol, operating across both the BNB Chain and Arbitrum networks, Radiant Capital has temporarily ceased its lending activities, as confirmed by Radiant themselves and two cybersecurity specialists.
In a recent statement posted on October 16th via the X platform, the Web3 cybersecurity company De.Fi Antivirus revealed that Radiant Capital contracts were misused on Binance Smart Chain (BSC) and Avalanche C-Chain (ARB), primarily by taking advantage of the ‘transferFrom’ function to empty users’ funds, including USDC, WBNB, ETH, and other digital assets.
According to De.Fi’s statement and reports from cybersecurity firm Ancilia Inc., an exploit drained approximately $58 million, with similar estimates of losses totaling around $50 million mentioned in other posts.
Radiant has acknowledged a problem affecting their markets on Binance Chain and Arbitrum, as they stated in a recent update.
Radiant announced that they’re currently collaborating with SEAL911, Hypernative, ZeroShadow, and Chainalysis. They promise to share updates as soon as they become available. For now, trading activities on Base and Mainnet have been temporarily halted.
Radiant operates using a multi-signature wallet, often referred to as “multi-sig.” It’s alleged that the attacker managed to obtain access to multiple private keys of the signatories, subsequently taking over several smart contracts.
Recently, Radiant Capital suffered a theft similar to a school bully taking someone’s lunch money. Their multisig (multi-signature) security was breached, leading to a transfer of ownership, as reported by Pop Punk, co-founder of token launch platform g8keep, in a recent post.
“Revoke all approvals. Tens of millions of dollars in losses so far,” Pop Punk added.
In Q3 of 2024, incidents involving exploitation of access control mechanisms were responsible for approximately $316 million, or around 70%, of all cryptocurrency funds stolen, as revealed in a report published by the cybersecurity firm Hacken.
As a crypto investor, I’ve noticed that multisig (multiple signature) systems are widely used to secure Web3 protocols. However, these systems can introduce centralized vulnerabilities that could potentially be exploited by attackers. In simpler terms, while they offer robust security, they also create potential ‘single points of failure,’ making the system as a whole susceptible to attacks if one key is compromised.
In a recent interview with CryptoMoon, Sreeram Kannan, the founder of EigenLayer’s restaking protocol, stated that while numerous contracts currently utilize multisigs, this method is actually quite centralized.
In the end, users aren’t experiencing the confidence or reliability that blockchain technology aims to deliver, according to Kannan.
“We need to move beyond that.”
Read More
- FLOKI PREDICTION. FLOKI cryptocurrency
- CAKE PREDICTION. CAKE cryptocurrency
- TRB PREDICTION. TRB cryptocurrency
- JTO PREDICTION. JTO cryptocurrency
- XDC PREDICTION. XDC cryptocurrency
- MNT PREDICTION. MNT cryptocurrency
- HBAR PREDICTION. HBAR cryptocurrency
- OKB PREDICTION. OKB cryptocurrency
- Dandadan Shares First Look at Season Finale: Watch
- EUR HUF PREDICTION
2024-10-17 00:48