Radiant Capital Hack: Scammers Steal $51.5 Million from Users on BNB Chain and Arbitrum

Radiant Capital Hacked: Radiant Capital has suffered a $51.5 million hack targeting users on BNB Chain and Arbitrum. Learn about the attack details, user vulnerabilities, and security warnings.

Radiant Capital Hack: Radiant Capital, a decentralized finance (DeFi) platform, has fallen victim to a massive hack resulting in the theft of approximately $51.5 million from user accounts across the BNB Chain and Arbitrum networks. The security breach was first reported by Web3 security firm Ancilia Inc. via X, warning users of an ongoing exploit targeting the platform.

Attack Details: Unauthorized Transfers and Vulnerable Contracts

The attack began on Wednesday afternoon, October 16, 2024, targeting Radiant’s Ethereum Layer 2 service before spreading to the BNB Chain. According to Arkham Intelligence, the hacker executed a series of unauthorized transfers, draining assets from user accounts. The attacker reportedly exploited a TransferFrom function, which allows one account to transfer tokens from another account to a third party, after users unknowingly gave approval to a malicious wallet address.

Web3 security experts from Ancilia have urged all Radiant users to “revoke your approval ASAP” for any Radiant-related contracts to protect their remaining assets.

Radiant Capital Hack: Scammers Steal $51.5 Million from Users on BNB Chain and Arbitrum
Source: X

The Hack’s Mechanism: A Backdoor Exploit

Tony Ke, a security expert from Fuzzland, explained that the hacker leveraged a backdoor contract, which was created around 17:09 UTC on Wednesday, giving the attacker access to user accounts. Ke suggested that the breach may have been caused by internal issues, possibly due to phishing or a compromised computer that led to the leak of Radiant’s private keys.

Ke noted, “Radiant Capital has fallen victim to a hack causing $51 million in losses so far across Arbitrum and BNB Chain.” While Radiant’s Ethereum and Base systems appear safe, Ke advised users to remain cautious and revoke any permissions linked to Radiant contracts.

Funds Transferred to Malicious Wallet

The hacker has been transferring stolen tokens, including wrapped BNB, ETH, USDC, and USDT, to a single wallet address starting with 0x0629b. According to DeBank, the wallet currently holds over $5 million in BNB and a total balance of $51 million in stolen assets.

As of the latest reports, the hacker’s wallet contains more than $32 million in Arbitrum-based assets and approximately $18 million in tokens on the BNB Chain.

Security Warnings and Next Steps

Users are strongly advised to revoke any prior contract approvals to protect their remaining funds. The ongoing investigation indicates that this hack might have originated from an internal security flaw or a compromised private key, though the exact cause is still under investigation.

Radiant Capital has yet to release an official statement on the matter, but security experts are working to trace the origins of the hack and potentially recover some of the stolen assets.

Leave a comment

Your email address will not be published. Required fields are marked *