As a seasoned crypto investor who has witnessed numerous market fluctuations and hacks over the past decade, I must admit that the recent $50 million heist at Radiant Capital left me both disheartened and enraged. The sophistication of this attack underscores the need for constant vigilance in our industry.
In a recent cyberattack, the perpetrators of the Radiant Capital incident took control of developers’ digital wallets using harmful software, making off with more than fifty million dollars worth of assets.
The detailed analysis by Radiant Capital states that the cyberattack on October 16, 2024, resulting in over $50 million in damages, is considered one of the most complex and advanced Decentralized Finance (DeFi) hacks to have occurred.
At least three Radiant developers had their hardware wallets hacked using intricate malware, with speculation suggesting that additional devices could also have been affected.
In a deceitful manner, the malware altered the user interface of the Safe{Wallet}, showing genuine transaction details to the developers on the surface, but covertly carrying out harmful transactions behind the scenes.
During a standard procedure for fine-tuning multi-signature releases (which occur occasionally to accommodate market fluctuations), an assault occurred. Surprisingly, this adjustment process, with several checks using Tenderly simulations and manual inspections, didn’t reveal any unusual activities during the signing phase. The report concluded with no irregularities found.
The attackers exploited a frequent occurrence in Safe App transactions, namely resubmissions caused by gas price fluctuations or network congestion. By simulating these regular errors, the attackers managed to gather numerous signatures from compromised accounts unnoticed. Eventually, they used this collected data to trigger the “transferOwnership” function, thereby taking control of Radiant’s lending pools.
As an analyst, I’ve observed a cyber incident that has impacted both Binance Smart Chain (BSC) and Arbitrum. The culprits behind this attack manipulated signatures to tamper with smart contracts, focusing particularly on exploiting the ‘transferFrom’ function – a vulnerability we were earlier made aware of by the Web3 security firm De.Fi. This exploit enabled them to siphon assets from users who had given approval to the lending pools.
Beyond this, the report noted that numerous protocols could be vulnerable and proposed various precautionary steps. These steps encompass the adoption of multi-layered signature verification, employing a separate device to verify transaction details, avoiding auto-signing for crucial transactions, and establishing error-activated audits to identify potential problems prior to signing.
On October 18th, Daniel Von Fange, an independent developer, pointed out in a post that the attackers were continuously emptying any funds sent to the hacked wallets. He recommended users to promptly rescind any authorizations they had previously granted to the affected contracts to prevent further financial losses.
Post-hack measures
Radiant Capital has temporarily halted its borrowing platforms on BNB Smart Chain and Arbitrum. In a post dated October 17th, Radiant announced they are collaborating with multiple cybersecurity companies such as SEAL911, Hypernative, and Chainalysis to investigate the theft and retrieve the stolen funds.
The lending protocol’s immediate preventive measures include generating fresh cold wallet addresses using uncompromised devices for each member of the Safe, reducing the number of signers to 7, and increasing the signing threshold to 4 out of 7. Further, contributors will also double-confirm transaction data for each transaction using the input data decoder on Etherscan to ensure added accuracy before signing.
The company is also working with U.S. law enforcement agencies to freeze the stolen funds and trace the attackers while collaborating with ZeroShadow to analyze the digital footprint left by the exploiters.
Read More
Sorry. No data so far.
2024-10-18 13:08