The post Radiant Capital Hack: How a Multisig Flaw Led to a $50M Loss appeared first on Coinpedia Fintech News
DeFi platform Radiant Capital has been hacked, draining over 50 million dollars from the Binance Smart Chain (BSC) and Arbitrum’s systems. The hack, first covered by blockchain security firm Ancilia, used misconfigurations in the Radiant smart contracts.
How the Hack Unfolded
As to how they got in, apparently, the attackers intruded through a weakness in the Radiant Capital protocol backdoor. the exploit affected the multisig wallet of the protocol based on which the transactions could be completed with only 3 out of 11 necessary signatures.
Unfortunately, the hackers were able to gain control of the minimum required signers and change the ownership of the wallet needed for the theft.
Radiant verified the incident and said that their lending markets on Binance and Arbitrum were affected. Drawn out of the protocol was USDT, USDC, as well as ARB tokens, with initial reports suggesting the protocol had lost $50 million.
Security Protocol Under Criticism
The security structure of Radiant Capital is currently attracting a lot of criticism from the crypto community. People have also complained about the multisig setup stating that more than having three signers confirm transactions for a protocol involving large amounts of money is needed. Crypto experts are beginning to ask if enhanced security should have existed to avoid such exploitation.
Immediate Response
After the hack, Radiant Capital put claims on its markets on Ethereum and Base layer-2 networks and asked the users to take back the permissions they granted to the protocol’s smart contracts. Users with such exposure are encouraged to review their accounts via Revoke. Cash is a platform that searches for such prevalent dangers.
Current information about the search for unidentified cybercriminals and the remaining lost assets of Radiant is cooperating with security firms SEAL911 and Chainalysis and many others.