Radiant Capital Users Suffers a Loss of $50 million from Private Key Compromise

Radiant Capital, a decentralized finance (DeFi) platform, has announced a security breach, confirming a private key compromise leading to the theft of user assets. The attack, which occurred on multiple chains, has resulted in the loss of over $50 million.

In a statement released on October 16, 2024, Radiant Capital confirmed the breach: “We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum. We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update soon. Markets on Base and Mainnet are paused until further notice.”

The platform further urged users to revoke access to the following contracts on http://revoke.cash:  0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1, 0x30798cFe2CCa822321ceed7e6085e633aAbC492F, 0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281, 0xA950974f64aA33f27F6C5e017eEE93BF7588ED07.

Radiant Capital Response to Breach

The statement clarified that the platform’s system detected suspicious transactions across various blockchains involving the official Radiant Capital account (@RDNTCapital). The investigation revealed that a malicious actor gained unauthorized control of multi-signature wallets, facilitating the withdrawal of user funds.

As a result, Radiant Capital has paused all lending markets on Base and Mainnet and is working with security experts to assess the situation. The platform strongly advises users to refrain from interacting with the protocol until further notice and to revoke all data approval for the protocol to prevent further losses.

Users must prioritize their security and thoroughly assess the risks linked to DeFi platforms before participating in any financial activities, as per the firm’s recommendation.

The firm advised that users should thoroughly research the security protocols and track record of any DeFi platform before entrusting their funds.
Moreover, In the event of security breaches, users should promptly revoke access to any compromised contracts.

Notably, the investigations continue, and Radiant Capital assures its users that they are working tirelessly to resolve the situation and recover stolen funds.

Phishing Attack Cost a Crypto Investor $35 Million

On September 13th, 2024, a crypto trader suffered a $35 million loss from a phishing attack. In this instance, a crypto investor fell victim to a malicious scheme, losing a staggering 15,079 fwDETH, roughly equivalent to $35 million.

The attack, meticulously orchestrated through a deceptive “phishing” signature, exemplifies the insidious nature of these cybercrimes. Moreover, this often entails social engineering tactics, where malicious actors leverage trust and familiarity to lure victims into a false sense of security.

In this particular case, the attackers successfully convinced the victim to sign a “permit” that granted them access to their funds. Additionally, a seemingly innocuous action, born out of a misplaced sense of trust, ultimately resulted in the transfer of a substantial sum to the scammer’s wallet. The victim, unaware of the implications, was left to grapple with the devastating consequences of their misplaced faith.

This incident serves as a potent reminder of the vulnerabilities inherent in the cryptocurrency space. While blockchain technology offers a decentralized and transparent system, it remains susceptible to attacks that exploit human trust and naivety. The growing sophistication of phishing techniques underscores the critical need for robust security measures and user awareness.