Radiant Capital, a Blockchain lending platform, was hit by hackers for the second time this year, resulting in a loss of up to $58 million in user assets. The recent attack on Radiant Capital, following a $4.5 million hit earlier in the year, raised concerns about the security of decentralized finance (DeFi) platforms.

According to a report by crypto security firms Hacken and Extractor, 95% of stolen DeFi funds in the third quarter of 2024 were deemed irretrievable, with more than half of the $463 million in losses attributed to Indian cryptocurrency exchange WazirX. The report highlighted the vulnerability of DeFi platforms to access control attacks, which accounted for double the losses of all other types of attacks combined. Smart contract vulnerabilities often arise after new versions are deployed, making DeFi platforms susceptible to exploitation.

The hack on Radiant Capital involved a compromise of private keys, allowing a malicious actor to gain control of multi-sig wallets and drain over $50 million in user assets. Reports from security firms like Ancilia Inc. and Cyvers Alerts pointed to a coordinated attack on the platform, urging users to refrain from interacting with the protocol and revoke all data approvals until the situation is resolved.

The hacker reportedly obtained access to multiple signers’ private keys and exploited vulnerabilities in smart contracts to transfer ownership and upgrade the contracts. Speculation arose about how the hacker acquired the private keys, with some suggestions of phishing or malware attacks targeting Radiant key holders.

Radiant Capital has provided limited information about the attack, with the latest update indicating collaboration with security firms like SEAL911, Hypernative, ZeroShadow, and Chainalysis to address the situation. Markets on Binance Chain and Arbitrum have been paused until further notice, and users are advised to revoke access to specific contracts associated with the hack.

In the aftermath of the hack, scammers took advantage of the situation to impersonate Radiant Capital accounts on social media platforms like X. Typosquatting techniques were used to create fake accounts similar to the official @RDNTCapital handle, leading to unsuspecting users falling for scam posts that contained malicious links. Web3 security firm Ancilia was one of the victims of such scams, prompting them to issue an apology and delete the misleading post.

The prevalence of scams and fraudulent activities in the aftermath of the Radiant Capital hack underscores the need for enhanced security measures in the DeFi space. Users and platform operators should remain vigilant against potential threats and take proactive steps to safeguard their assets and data. As the DeFi sector continues to grow, cybersecurity will play a crucial role in mitigating risks and ensuring the long-term sustainability of decentralized financial ecosystems.

Source link