Fintechs.fi

Radiant Capital Latest Breach Results in $50 Million Loss

Radiant Capital, a decentralised finance (DeFi) lending and borrowing platform, was targeted in a major exploit on 16 October 2024, resulting in the loss of approximately $50 million. The attack affected its operations on both the BNB Chain and Arbitrum instances, shaking confidence in the protocol’s security measures. This event is the latest in a series of high-profile hacks that have plagued the DeFi sector, raising concerns about the robustness of blockchain security.

Exploit Mechanics: How the Attack Unfolded

The attackers leveraged vulnerabilities in Radiant Capital’s smart contracts, particularly those governing liquidity and lending pools. According to reports, the breach exploited a known flaw in the protocol’s liquidity management. The flaw allowed the attackers to manipulate contract parameters and drain funds from both the BNB Chain and Arbitrum platforms.

Blockchain security experts have pointed out that Radiant’s use of forked code from established protocols such as Compound and Aave may have left it vulnerable to exploitation. While forking code allows for faster development, it can also carry over legacy issues, as seen in this case.

Radiant Capital’s Immediate Response

In the aftermath of the breach, Radiant Capital swiftly halted all lending and borrowing activities across the affected chains to prevent further damage. The protocol invoked emergency administrative controls, ensuring no additional funds could be accessed by the attacker.

In a public statement, the Radiant team assured users that no further funds were at risk, stating, “All markets have been paused to ensure the safety of user assets, and a full investigation is underway to understand the full extent of the exploit.” The team has committed to resuming operations only once a comprehensive review of the protocol’s security infrastructure is completed.

Reaching Out to the Hacker

In an interesting turn of events, Radiant Capital attempted to negotiate with the hacker, suggesting a potential return of funds. This strategy, not uncommon in the DeFi space, has been employed by other platforms facing similar crises. In a blockchain transaction message, Radiant commended the hacker’s skill in identifying the vulnerability and expressed hope that the exploit had been carried out with white-hat intentions, meaning the hacker set out to identify the bug without malicious intent.

So far, the hacker has not responded to Radiant’s outreach.

Previous Security Incidents

This latest exploit is not the first security issue faced by Radiant Capital. In January 2024, the platform lost $4.5 million due to a flash loan attack on its Arbitrum market. That attack exploited a rounding issue in the protocol’s smart contracts, further emphasising the persistent security challenges within the DeFi sector.

These repeated incidents point to systemic risks in the forking of established codebases without adequate security audits. The flash loan attack in January prompted Radiant to pause operations briefly, but this larger $50 million breach has cast a longer shadow over its future.

Industry Impact and Security Concerns

The Radiant Capital exploit underscores the broader risks associated with DeFi protocols, especially those built on shared or forked codebases. While decentralised platforms offer innovative financial solutions, they remain highly susceptible to vulnerabilities that can be exploited with devastating consequences.

Security experts warn that, while leveraging existing code may accelerate innovation, it also increases exposure to inherited flaws. As Radiant Capital scrambles to address these vulnerabilities, the incident will likely prompt other DeFi protocols to reassess their security frameworks to avoid similar breaches.

Conclusion

The $50 million exploit on Radiant Capital serves as a stark reminder of the challenges and risks inherent in the decentralised finance space. As the protocol works to recover from this significant setback, it must prioritise security upgrades and transparency to regain user trust. The event has also reignited debates around the safety of using forked code in DeFi, with many calling for more rigorous security audits across the sector.