Here’s How Radiant Capital Lost Over $50M This Week

On October 16th, 2024, the decentralized finance (DeFi) project Radiant Capital parted ways with over $50 million worth of crypto assets as it fell victim to a security breach. Fast-forward to two days after the attack, the protocol’s team reveals in a post-mortem report that a compromise of three core contributors facilitated the attack.

How the Breach Occurred

Radiant Capital’s hack event summary stated that the attackers exploited a vulnerability in the protocol’s interface, allowing unauthorized access to the financial system. To facilitate the attack, the exploiters used a “sophisticated malware injection” to compromise the devices of at least three “long-lasting, trusted” contributors to the DAO. The report added that these developers are “geographically distributed,” downsizing the possibility of a coordinated attack.

The project’s team noted that the breach went undetected because it “occurred during a routine multi-signature emissions adjustment process, which takes place periodically to adapt to market conditions and utilization rates.” They stressed that the breach could have been planned for weeks or even months to ensure the attackers could execute their plans swiftly upon gaining access.

As soon as the breach was identified, the DeFi platform initiated emergency security measures. They took down affected systems to prevent further loss and other initiatives to contain the security breach. The project also notified enforcement and regulatory bodies related to financial crimes and cyberattacks, cooperating fully to track down the individuals responsible for the attack.

While Radiant Capital has yet to release detailed information about the exact number of affected clients, it assured customers that it is working to recover the stolen funds.

Ancilia Faced Backlash for Fatal Mistake

While being among the first to expose the Radiant Capital exploit, the blockchain security firm Ancilia faced a severe backlash from the crypto community on X. In its tweets, the firm accidentally exposed its audience to a phishing link tied to the hack. The link led to additional losses for the users who clicked on it, as malicious cyber attackers compromised their wallets.

Ancilia has issued an apology and promised to improve its security to prevent similar mistakes. However, this has sparked an outage within the Web3 community.