Radiant Capital Hack Causes Platform to Lose Over $50M

Key Points:

• Radiant Capital lost over $50 million in a cyberattack that exploited its Ethereum Layer 2 Arbitrum and BNB Chain instances.
• The Radiant Capital hack involved the “TransferFrom” function, allowing the hacker to drain tokens by tricking victims into granting access.

Radiant Capital, a blockchain lending protocol, has lost more than $50 million in a hack, blockchain data and security experts say.

Read more: Radiant: What’s So Special About Arbitrum’s Full-chain Lending Marketplace?

Hacker Exploits “TransferFrom” Function to Drain Tokens

The attack struck Radiant’s Ethereum Layer 2 Arbitrum instance before later spilling over to the BNB Chain. The Radiant Capital hack was initially reported by Web3 security firm Ancilia, which sounded the alarm via a post on X. The hacker manipulated the protocol by utilizing a smart contract function called “TransferFrom,” which grants permission for one account to transfer tokens from another account to a third.

But for this to work, victims had to grant permission to a spoofed wallet address, essentially unlocking their access to their funds. This very smart contract allowed the attacker to drain significant amounts of tokens, including the following wrapped versions: BNB, ETH, USDC, and USDT.

Radiant Capital Hack Causes Damage of More Than $50 Million

According to Ancilia, the Radiant Capital hack most likely originated from a backdoor contract deployed on the Binance Smart Chain network. In that case, the company alerted Radiant users to revoke all of Radiant’s contract addresses so they could secure their assets.

The hacked asset was transferred to a wallet starting with “0x0629b” that reportedly contained more than $5 million in tokens. According to DeBank, the same wallet had a balance of $51 million and an astronomical 2,619,512.54% surge in token holdings not long after the attack.

The top lending protocol on Arbitrum confirmed the security vulnerability on its X account while promising to cooperate with relevant organizations to solve the problem. This is the second time Radiant Capital has suffered a hack in less than a year, having been attacked this January, when it lost $4.5 million. Its token RDNT suffered a severe blow following the recent breach.