Non Cult Crypto News

Non Cult Crypto News

in

Radiant Capital hacker compromised developers’ devices — post-mortem 

Attackers of Radiant Capital compromised the devices of at least three core developers through a malware injection, the company confirmed.  

COINTELEGRAPH IN YOUR SOCIAL FEED

Radiant Capital has disclosed a post-mortem for the Oct. 16 attack that resulted in the theft of over $50 million in digital assets from the BNB Chain and Arbitrum networks. According to Radiant, the attacker compromised the devices of three of its long-standing developers. 

Hackers were able to compromise the devices through a “sophisticated malware injection” used to sign malicious transactions. 

“The devices were compromised in such a way that the front-end of Safe{Wallet} (f.k.a. Gnosis Safe) displayed legitimate transaction data while malicious transactions were signed and executed in the background,” the Radiant team explained in a blog post. 

Radiant Capital is a decentralized finance (DeFi) platform that allows users to earn interest and borrow assets across multiple blockchain networks. It operates like an “omnichain money market,” enabling cross-chain transactions on lending markets in different networks, such as Ethereum, BNB and Arbitrum.

Related: Radiant Capital halts lending after exploit

The attack 

According to the company, the breach occurred during a routine multisignature emissions adjustment, a process that takes place “periodically to adapt to market conditions and utilization rates.”

Multisignature is the dominant means of securing Web3 protocols. it requires multiple signatures to authorize a transaction. 

Once the transactions were approved, the compromised devices intercepted these approvals and replaced them with a malicious transaction, which was then forwarded to the hardware wallets for signature. As soon as the Safe Wallet detected an issue, it displayed an error message, prompting the users to attempt the signature again. 

This type of failure can arise from a number of factors, such as gas price fluctuations, nonce mismatch, network congestion, and insufficient gas limit, among others.

“As a result, this behavior did not raise immediate suspicion,” said the team. This process ultimately allowed the attackers to gather three valid signatures.

Losses across various attack types in 2024. Source: Hacken

Related: Researchers hack AI-enabled robots to cause ‘real world’ harm

As per Radiant, the signed transactions still appeared legitimate within the user interface, making the attack difficult to detect. The breach was also undetectable during the manual review of the Gnosis Safe UI and Tenderly simulation stages of the routine transaction.

“This has been confirmed by external security teams, including SEAL911 and Hypernative,” noted the post-mortem. 

Along with draining assets worth $50 million, the hackers exploited open approvals to withdraw funds from users’ accounts. Other Radiant core developers may also have had their devices compromised. The protocol has requested users to revoke approvals on all chains to mitigate further incidents: 

“All users of the Radiant platform were strongly advised to revoke any approvals on ALL chains — Arbitrum, BSC, Ethereum & Base.”

According to a report by cybersecurity firm Hacken, access control exploits were responsible for $316 million in lost funds during the third quarter. This accounts for nearly 70% of all crypto funds stolen during the quarter.

Magazine: Fake Rabby Wallet scam linked to Dubai crypto CEO and many more victims

This article first appeared at Cointelegraph.com News

What do you think?

Written by Outside Source

Bitcoin set to hit six figures amid growing whale accumulation and supply constraints: Bitwise CIO

Sen. Warren calls out Deaton’s ‘pro-bono work for crypto’ in 2nd debate

Back to Top

Ad Blocker Detected!

We've detected an Ad Blocker on your system. Please consider disabling it for Non Cult Crypto News.

How to disable? Refresh

Log In

Or with username:

Forgot password?

Don't have an account? Register

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

To use social login you have to agree with the storage and handling of your data by this website.

Add to Collection

No Collections

Here you'll find all collections you've created before.