Radiant Capital Releases Post-Mortem Analysis of $50 Million Attack

Robert Novoski

Radiant Capital has released a detailed analysis of the October 16 exploit that led to the loss of more than $50 million in user funds.

According to the post-mortem, the attackers used sophisticated malware to poison transactions, allowing them to steal funds during a routine multi-signature process.

Attack Methodologies Leverage Common Mistakes

It all started with hackers compromising the hardware wallets of three of the protocol’s core developers and injecting them with malware that imitated legitimate transactions. As the developers signed what they believed to be routine emissions adjustments, the malware executed unauthorized transactions in the background.

Radiant Capital reiterated that its contributors followed standard operating procedures during the signing process in question. They simulated each transaction for accuracy on Tenderly, a full-stack Web3 infrastructure platform, and conducted individual reviews at each signing stage.

Despite these multiple layers of verification, the front-end checks showed no anomalies even though malware had infiltrated the protocol’s systems.

What also stands out in the company’s assessment is how the attackers exploited common transaction failures to carry out the hack. They used wallet retransmissions, which are often caused by gas price fluctuations or network congestion, as cover to collect private keys while maintaining an appearance of normality.

The perpetrator then took control of several smart contracts and ultimately siphoned off millions of dollars worth of cryptocurrency, including USDC, BNB (wBNB), and Ethereum (ETH).

The actual amount stolen varied between $50 million and $58 million, depending on the reporting source. However, decentralized finance (DeFi) platforms stated lower figures in their tally of such incidents.

FBI Tapped to Help Recover Stolen Funds

In the report, the cross-chain lender said it was working with US law enforcement, including the FBI, as well as cybersecurity firms SEAL911 and ZeroShadow to track the stolen crypto.

Furthermore, as a precautionary measure, it advised users to revoke approvals on all chains, including Arbitrum, BSC, and Base. The move is a response to the exploiters taking advantage of open approvals to drain funds from accounts.
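One way to see which token approvals are still open before revoking them, as an added example that is not from Radiant's post-mortem or this article: it replays ERC-20 `Approval` event logs for one wallet and keeps the spenders whose latest allowance is non-zero. The log shape (integer `blockNumber` and `logIndex`, hex `topics` and `data`) is an assumption modeled on decoded `eth_getLogs` results, and all addresses and log entries are constructed.

```python
# topic0 of the ERC-20 event Approval(address owner, address spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def topic_to_address(topic):
    # An indexed address is left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def open_approvals(logs, owner):
    """Replay Approval logs in chain order; return {(token, spender): value}
    for every approval by `owner` whose most recent value is non-zero."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but four topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

# --- constructed sample data (not real addresses or transactions) ---
OWNER, OTHER = "0x" + "aa" * 20, "0x" + "dd" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
SPENDER_X, SPENDER_Y = "0x" + "bb" * 20, "0x" + "cc" * 20

def make_log(token, owner, spender, value, block, index=0):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(value)}

SAMPLE_LOGS = [  # deliberately out of chain order
    make_log(TOKEN_A, OWNER, SPENDER_Y, 0, 150),          # revocation
    make_log(TOKEN_A, OWNER, SPENDER_X, UNLIMITED, 100),  # never revoked
    make_log(TOKEN_A, OWNER, SPENDER_Y, 500, 120),        # later revoked
    make_log(TOKEN_B, OTHER, SPENDER_X, 1000, 130),       # different owner
    make_log(TOKEN_B, OWNER, SPENDER_X, 250, 160),        # still open
]

if __name__ == "__main__":
    for (token, spender), value in sorted(open_approvals(SAMPLE_LOGS, OWNER).items()):
        shown = "UNLIMITED" if value == UNLIMITED else value
        print(f"revoke: token={token} spender={spender} allowance={shown}")
```

The value in an `Approval` log is the allowance at the time it was set; spending through `transferFrom` can lower it without a new event, so the token's `allowance()` view remains the authoritative figure.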

Radiant Capital has also created a new cold wallet and adjusted the signing threshold to improve platform security. Likewise, they have imposed a mandatory 72-hour delay on all contract upgrades and ownership transfers. This is intended to provide sufficient time for the community to review transactions before final execution.

However, given the sophistication of the breach, the company acknowledged that these measures may not have prevented the attack.

DeFi exploits have been growing at an alarming rate, and several recent surveys paint a sobering picture. According to PeckShield, there were more than 20 hacks in September, causing losses of more than $120 million.

Additionally, another on-chain security company, Hacken, announced that more than $440 million stolen from crypto platforms in the third quarter of 2024 has been lost forever.
