DeFi Platform Radiant Capital Loses Over $50M to Hackers

Radiant Capital, a decentralized finance (DeFi) project utilizing LayerZero, recently suffered a significant loss of over $50 million due to an attack by unidentified individuals.

4/ thanks for the update from replies. Seems like Arbitrum contract was hacked, too:https://t.co/E7kLLavJ7C
The total lost is > $50M now.

— Ancilia, Inc. (@AnciliaInc) October 16, 2024

According to the Web3 security firm Ancilia, the breach was likely caused by a backdoor contract deployed on the BSC network and Arbitrum chain, enabling the attacker to gain unauthorized access and initiate asset transfers.

What is Radiant Capital?

Radiant Capital is a DeFi platform that enables cross-chain lending and borrowing, aiming to bridge liquidity across different blockchain networks. Users can deposit assets on one blockchain and borrow on another.

This is not Radiant Capital’s first security incident. Earlier in the year, the platform lost approximately 1,900 ETH (valued at $4.5 million) due to a flash loan attack.

Radiant Capital @RDNTCapital was under a flash loan attack with a loss of $4.5M.
Attacker: https://t.co/L7fXlF8VXP

The attacker manipulated the index parameter (which later served as a denominator) to become extremely large. The contract has a rounding issue in its… pic.twitter.com/8AdY7pjaKE

— Beosin Alert (@BeosinAlert) January 3, 2024

Blockchain security firm Beosin identified the exploit as a flash loan attack that capitalized on a “rounding issue” in the codebase. The precision error allowed the attacker to profit through repeated deposit and withdrawal actions.

Cybercriminals Target DeFi

Decentralized finance continues to be a prime target for cybercriminals. Data shows that 31 out of 34 incidents in the third quarter (Q3) occurred within the DeFi sector. However, centralized finance (CeFi) platforms faced greater financial impacts, accounting for 74.8% ($309 million) of total losses, compared to DeFi’s 25.2% ($104 million).

The Indian centralized exchange WazirX lost $235 million to hackers, followed by a $52 million breach at Singapore-based BingX on September 20. Other affected platforms include Penpie, which lost $27 million. Indodax, another CeFi platform, parted ways with over $21 million, while DeltaPrime reported $5.98 million in stolen funds. Truflation lost $5.6 million.

Trader Loses $1.3M in Scam

In a separate event, a crypto whale recently became a phishing scam victim and lost over $1.39 million in various cryptocurrencies.

According to CoinTab, the incident involved the exploitation of Uniswap’s “permit2” feature. This feature lets users approve multiple tokens with one signature. Scammers exploited it to access and drain the victim’s wallet after they signed a phishing message.

The stolen assets included PEPE, MSTR, and APU tokens valued at around $1.39 million and were taken from the decentralized exchange Uniswap.