BPOI Banner
Hackers Steal $243 Million In Bitcoin Scam Hackers Steal $243 Million In Bitcoin Scam

Radiant Capital Releases Post-Mortem Analysis of $50M Attack

Radiant Capital has released a detailed analysis of the October 16 exploit that led to the loss of more than $50 million in user funds.

According to the post-mortem, the attacker used highly advanced malware to poison transactions, enabling them to steal funds during a routine multi-signature process.

Attack Methodology Exploited Common Errors

It all started with the hacker compromising hard wallets belonging to three of the protocol’s core developers and injecting them with malware that mimicked legitimate transactions. As the developers signed what they believed were routine emissions adjustments, the malware executed unauthorized transactions in the background.

Radiant Capital reiterated that its contributors followed standard operating procedures to the letter in the fateful process. They simulated each transaction for accuracy on the full-stack Web3 infrastructure platform, Tenderly, while also putting them through individual review at every signature stage.

Despite these multiple layers of verification, front-end checks showed no visible signs of anomalies even as the malware wormed its way into the protocol’s systems.

What also stood out in the company’s assessment was how the attacker took advantage of common transaction failures to execute the hack. They used wallet resubmissions, often caused by gas price fluctuations or network congestion, as cover to collect the private keys, all while maintaining the appearance of normalcy.

The perpetrator then gained control of some smart contracts and eventually siphoned millions of dollars worth of cryptocurrencies, including USDC, wrapped BNB (wBNB), and Ethereum (ETH).

The actual amount stolen varies between $50 million and $58 million, depending on the source reporting it. However, the decentralized finance (DeFi) platform has stated the lower figure in its accounting of the incident.

FBI Tapped to Help Recover Stolen Funds

In the report, the cross-chain lender said it is working closely with U.S. law enforcement, including the FBI, as well as cybersecurity firms SEAL911 and ZeroShadow to track the stolen crypto.

Further, as a precaution, it advised users to revoke approvals across all chains, including Arbitrum, BSC, and Base. This step is in response to the exploiter capitalizing on open approvals to drain funds from accounts.

Radiant Capital has also created new cold wallets and adjusted signing thresholds to improve the platform’s security. Likewise, it has introduced a mandatory 72-hour delay for all contract upgrades and ownership transfers. It is meant to give the community enough time to check transactions before final execution.

However, given the level of sophistication in the breach, the firm has conceded that even these measures may not have prevented the attack.

DeFi exploits have grown at an alarming pace, and a couple of recent surveys paint a drab picture. According to PeckShield, there were more than 20 hacks in September, leading to more than $120 million in losses.

In addition, another on-chain security firm, Hacken, announced that more than $440 million stolen from crypto platforms in the third quarter of 2024 had been lost forever.

SPECIAL OFFER (Sponsored)

Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).

LIMITED OFFER 2024 at BYDFi Exchange: Up to $2,888 welcome reward, use this link to register and open a 100 USDT-M position for free!

Source link

Wayne Jones

https://cryptopotato.com/radiant-capital-releases-post-mortem-analysis-of-50m-attack/

2024-10-18 17:56:29

bitcoin
Bitcoin (BTC) $ 91,516.52 1.36%
ethereum
Ethereum (ETH) $ 3,177.94 2.65%
tether
Tether (USDT) $ 1.00 0.14%
solana
Solana (SOL) $ 240.03 2.73%
bnb
BNB (BNB) $ 621.77 0.11%
xrp
XRP (XRP) $ 1.13 5.06%
dogecoin
Dogecoin (DOGE) $ 0.37385 2.18%
usd-coin
USDC (USDC) $ 1.00 0.14%
staked-ether
Lido Staked Ether (STETH) $ 3,179.97 2.76%
cardano
Cardano (ADA) $ 0.751631 1.34%
tron
TRON (TRX) $ 0.205426 4.14%
shiba-inu
Shiba Inu (SHIB) $ 0.000025 0.60%
avalanche-2
Avalanche (AVAX) $ 35.64 0.36%
the-open-network
Toncoin (TON) $ 5.55 1.59%
wrapped-steth
Wrapped stETH (WSTETH) $ 3,756.48 2.73%
wrapped-bitcoin
Wrapped Bitcoin (WBTC) $ 91,268.45 1.38%
sui
Sui (SUI) $ 3.74 4.38%
chainlink
Chainlink (LINK) $ 15.33 9.62%
weth
WETH (WETH) $ 3,176.69 2.66%
bitcoin-cash
Bitcoin Cash (BCH) $ 446.03 1.98%
pepe
Pepe (PEPE) $ 0.000021 5.29%
polkadot
Polkadot (DOT) $ 5.92 6.74%
near
NEAR Protocol (NEAR) $ 6.14 4.69%
leo-token
LEO Token (LEO) $ 7.63 0.02%
stellar
Stellar (XLM) $ 0.230168 18.64%
litecoin
Litecoin (LTC) $ 89.39 1.53%
aptos
Aptos (APT) $ 12.18 1.07%
wrapped-eeth
Wrapped eETH (WEETH) $ 3,339.45 2.63%
uniswap
Uniswap (UNI) $ 9.22 3.53%
usds
USDS (USDS) $ 1.01 2.60%
hedera-hashgraph
Hedera (HBAR) $ 0.131404 48.20%
crypto-com-chain
Cronos (CRO) $ 0.171121 6.95%
internet-computer
Internet Computer (ICP) $ 9.42 1.43%
kaspa
Kaspa (KAS) $ 0.170802 11.62%
ethereum-classic
Ethereum Classic (ETC) $ 26.58 2.97%
render-token
Render (RENDER) $ 7.77 8.24%
bittensor
Bittensor (TAO) $ 515.80 2.74%
polygon-ecosystem-token
POL (ex-MATIC) (POL) $ 0.45427 12.15%
fetch-ai
Artificial Superintelligence Alliance (FET) $ 1.38 8.27%
mantra-dao
MANTRA (OM) $ 3.82 11.29%
dogwifcoin
dogwifhat (WIF) $ 3.46 9.06%
bonk
Bonk (BONK) $ 0.000048 4.99%
ethena-usde
Ethena USDe (USDE) $ 1.00 0.08%
dai
Dai (DAI) $ 1.00 0.06%
whitebit
WhiteBIT Coin (WBT) $ 22.20 0.28%
arbitrum
Arbitrum (ARB) $ 0.724958 5.48%
blockstack
Stacks (STX) $ 1.94 1.88%
monero
Monero (XMR) $ 158.05 4.93%
filecoin
Filecoin (FIL) $ 4.51 1.86%
vechain
VeChain (VET) $ 0.032325 10.77%