Summary: Over $50 million in cryptocurrency was stolen from Radiant Capital, a decentralized finance platform, through a sophisticated attack that compromised the devices of three trusted developers. The incident highlights vulnerabilities in security practices, despite prior audits by notable blockchain security firms.
Threat Actor: Unknown | unknown
Victim: Radiant Capital | Radiant Capital
Key Point :
- Attackers compromised developer devices through sophisticated malware, allowing them to sign malicious transactions without obvious warning signs.
- The stolen funds were converted into approximately 12,800 ETH and 32,100 BNB, totaling around $58 million in losses.
- This incident marks the second significant hack of Radiant Capital in 2023, following a $4.5 million theft in January.
More than $50 million worth of cryptocurrency was stolen from decentralized finance platform Radiant Capital on Wednesday evening.
In a post-mortem report published on Thursday, Radiant said the attack compromised three developers, all of whom are long-standing, trusted contributors to the platform. The company has marketed itself as a “one-stop shop” money market where users can deposit and borrow cryptocurrencies across different blockchains.
Several security experts said on social media that the hacker gained access to multiple private keys owned by company developers that allowed the threat actor to drain user funds from it.
“These developers used hardware wallets and were geographically distributed, reducing the likelihood of a coordinated physical attack,” the company said.
“Attackers were able to compromise the devices of at least these three core contributors through a sophisticated malware injection. These compromised devices were then used to sign malicious transactions.”
The report notes that it is likely other devices were targeted beyond the three that were compromised.
On the company’s Telegram channel, where it communicates with users, Radiant Capital official Konstantin Levin said unnamed U.S. law enforcement agencies were involved in the investigation alongside several blockchain security companies.
Levin explained that the company “experienced a highly sophisticated security breach that resulted in the loss of $50 million,” adding that the developers’ devices were compromised in a way that “displayed legitimate transaction data while poisoned transactions were signed and executed in the background.”
The compromised devices “presented no obvious warning signs beyond minor glitches and error messages” during routine processes.
Levin and the post-mortem report went through several technical factors to underscore the “high level of sophistication involved.”
“U.S. law enforcement and ZeroShadow are fully informed of the breach and are actively working to freeze all stolen assets,” Levin said. “The [company] is deeply devastated by this attack and will continue to work tirelessly with the respective agencies to identify the exploiter and recover the stolen funds as quickly as possible.”
The post-mortem does not mention if the platform plans to compensate users who had funds stolen. The platform’s operations have been paused since the attack began on Wednesday.
The incident was initially uncovered on social media by researchers who saw the hacker convert the stolen funds into about 12,800 ETH, worth about $33.5 million, and 32,100 BNB, worth about $19.3 million. Others said the losses could reach up to $58 million.
Radiant Capital’s website shows it has gone through several security audits by prominent blockchain security firms including Peckshield and Zokyo.
The incident on Wednesday, however, is the second hack affecting the platform this year after $4.5 million was stolen in January.
Recorded Future
Intelligence Cloud.
Source: https://therecord.media/crypto-platform-radiant-capital-50-million-stolen