Radiant Capital Loses $50M to Blockchain Exploit

Blockchain protocol Radiant Capital lost more than $50 million on Wednesday as the result of an apparent cyberattack, according to security experts and blockchain data.

An attacker gained control of Radiant Capital’s blockchain contracts by obtaining three of the “private keys” that control the protocol, security experts said.

“Radiant Capital contracts were exploited on BSC & ARB chains with the ‘transferFrom’ function,” Web3 security firm De.Fi explained on X. The exploit allowed attackers to “drain users’ funds, namely $USDC $WBNB $ETH and others,” the firm said.

Radiant is controlled by a multi-signature, or “multisig” wallet with 11 signers, De.Fi said in a separate X post. The attacker was apparently able to obtain three of these signers’ “private keys,” which was enough to upgrade the platform’s smart contracts.

At press time, it was unclear how the keys were obtained. Some members of an Ethereum security group on Telegram, the messaging app, speculated that the attack could’ve stemmed from a compromised front-end – meaning the legitimate Radiant key-holders may have accidentally interacted with a malware-laced protocol.

Radiant acknowledged the exploit in a post to its official X account, but it did not provide specific details.

“We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum,” Radiant said. “We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon as possible. Markets on Base and Mainnet are paused until further notice.”

Radiant, which is controlled by a decentralized autonomous community, or DAO, states on its website that its mission is to “unify the billions in fragmented liquidity across Web3 money markets under one safe, user-friendly, capital-efficient omnichain.”