Omnichain Money Market shining capital RDNT
-4.51%
According to on-chain evidence and Web3 Security Ancilia, it appears to be under attack. The attack began Wednesday afternoon at Radiant’s. Ethereum 
ETH
+0.96%
layer 2 decision 
ARB
-0.19%
After creating the instance 
BNB
+1.68%
chain, according to Arkham Intelligence. data.
“We have seen multiple transfers from user accounts via contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281. Please cancel the approval as soon as possible. The new implementation appears to have a vulnerability feature.” Ancilia wrote to X.
The transferFrom exploit uses the transferFrom function of a smart contract to allow one account to send a specified number of tokens from a target account to a third account. Typically, the victim’s account must be given permission to interact with the spoofed wallet address. As a safety measure, Ancilia warns Radiant users to cancel all Radiant contract addresses.
“Radiant Capital has so far lost $51 million across its Arbitrum and BnB chains due to the hack. Ethereum and Base distributions appear to be secure, but for now we would caution everyone to exercise caution when interacting with these contracts. It will be.” Tony Ke, head of security research at Fuzzland, told The Block in an interview.
According to Ancilia, at approximately 17:09 UTC on Wednesday, a backdoor contract was deployed, allowing an unknown attacker to gain unauthorized access and initiate token transfers.
“Radiant utilizes a multi-signature setup for smart contract control, which appears to have been compromised internally,” Ke said. The attack profile suggests that someone was phished, their computer was compromised, or an internal attacker leaked Radiant’s private keys.
“Once we have more information about how this happened, we will work with the Radiant team to assist in any possible recovery efforts,” Ke said.
The hackers transferred wrapped versions of BNB, ETH, USDC, and USDT tokens from a Radiant-controlled wallet to a single address starting with 0x0629b. The wallet currently has a BNB balance consisting of $5 million worth of tokens. In the same wallet account in DeBank you will see: Balance $51 millionSince creation, token holdings have increased by 2,619,512.54%, indicating that the attack could become much more widespread.
The attacker’s address holds $32 million worth of Arbitrum-based assets and approximately $18 million worth of BNB chain tokens. The largest holdings are ETH derivatives wstETH and weETH.
Earlier this year, Radiant Capital lost 1900 ETH, worth about $4.5 million, in a flash loan attack.
Editor’s note: Adds context to the hack and a quote from Tony Ke of Fuzzland.
Disclaimer: The Block is an independent media outlet delivering news, research and data. As of November 2023, Foresight Ventures is a majority investor in The Block. Foresight Ventures invests in other companies in the cryptocurrency space. Cryptocurrency exchange Bitget is an anchor LP of Foresight Ventures. The Block continues to operate independently to provide objective, impactful and timely information about the cryptocurrency industry. Below are our current financial disclosures.
© 2024 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.