• Radiant Capital’s multisig hack led to $58M in stolen funds, exposing vulnerabilities in centralized control on BSC and Arbitrum.
  • Radiant Capital halted operations on Base and Mainnet after hackers compromised multisig wallets, impacting core lending services.
  • Experts urge decentralized security as multisig vulnerabilities expose Radiant to a $58M loss, underscoring Web3’s evolving security needs.

Radiant Capital, a decentralized lending platform, recently suffered a massive hack, losing approximately $58 million. The breach occurred after private keys controlling the multisig wallet were compromised, as revealed by Revoke.cash on X (formerly Twitter). De.Fi Antivirus, a cybersecurity firm, confirmed the attack, noting that hackers exploited the “transferFrom” function to drain funds across Binance Smart Chain (BSC) and Arbitrum.

⚠️ Radiant Capital hacked ⚠️

We've received reports that private keys of the Radiant Capital multisig were compromised, which allowed malicious actors to steal approved user funds. Over $50M has been stolen so far. Check if you're affected below 👇 https://t.co/WIHE63WcsT

— Revoke.cash (@RevokeCash) October 16, 2024

Significant Financial Impact on Radiant Users

Consequently, millions in assets like USDC, WBNB, and ETH were stolen. Ancilia Inc. supported De.Fi’s findings, estimated losses at $50 million. Radiant Capital has paused markets on Base and Mainnet while working with cybersecurity partners like SEAL911 and Chainalysis to assess the damage . 

Radiant’s core lending services, which allow users to borrow, lend, and bridge cryptocurrencies, have taken a massive hit. The platform faced a similar breach earlier this year, losing $4.5 million due to a smart contract bug.

Multisig Vulnerabilities Exposed

Multisigs, a popular Web3 security method, are under fire. Many experts, including EigenLayer’s founder Sreeram Kannan, have raised concerns about the centralized vulnerabilities of multisigs. Although they offer some protection, attackers exploited Radiant’s system by obtaining the private keys of three signers. This allowed them to hijack smart contracts and steal user funds.

Radiant Capital just had their protocol stolen from them like a school bully steals lunch money.

Multisig was compromised and ownership was transferred.

Revoke all approvals. Tens of millions of dollars in losses so far. pic.twitter.com/vu5dIO2AH6

— Pop Punk (@PopPunkOnChain) October 16, 2024

Moving Beyond Centralized Multisigs

The Radiant hack sheds light on Web3’s broader security challenges . According to a report by Hacken, exploits of access control mechanisms accounted for $316 million stolen in Q3 2024. This incident highlights the growing need for decentralized security solutions. 

Read CRYPTONEWSLAND on google news

Losses across various attack types in 2024. Source: Hacken

Besides, this hack raises important questions about the role of centralized control in decentralized ecosystems. As blockchain evolves, a shift to more secure and truly decentralized security solutions seems inevitable.

disclaimer read more

Crypto News Land, also abbreviated as "CNL", is an independent media entity - we are not affiliated with any company in the blockchain and cryptocurrency industry. We aim to provide fresh and relevant content that will help build up the crypto space since we believe in its potential to impact the world for the better. All of our news sources are credible and accurate as we know it, although we do not make any warranty as to the validity of their statements as well as their motive behind it. While we make sure to double-check the veracity of information from our sources, we do not make any assurances as to the timeliness and completeness of any information in our website as provided by our sources. Moreover, we disclaim any information on our website as investment or financial advice. We encourage all visitors to do your own research and consult with an expert in the relevant subject before making any investment or trading decision.