- According to Arkham data, the attack started on Radiant’s Ethereum Layer 2 Arbitrum instance before moving on to BNB Chain.
- Around $18 million worth of BNB Chain tokens and over $32 million worth of Arbitrum-based assets are stored in the wallet of the accused exploiter.
The money market on a chain Onchain data and Web3 security Ancilia appear to indicate that Radiant Capital is being exploited. Based on information from Arkham Intelligence, the attack started on Radiant’s Ethereum Layer 2 Arbitrum instance on Wednesday afternoon and then spread to Chain.
Multiple transfers from the user’s account through the contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281 have been seen. Kindly withdraw your consent right now. Ancilia noted on X that it seems the new implementation contained vulnerability functionalities.
Through the use of a smart contract’s transferFrom function, a transferFrom exploit allows one account to transfer a predetermined quantity of tokens from a target account to a third account. Generally, in order to communicate with a spoof wallet address, authorization from the victim’s account is needed. As a precaution, Ancilia is advising Radiant users to cancel all Radiant contract addresses.
A hack that affected Radiant Capital has resulted in $51 million in losses for Arbitrum and BnB chain thus far. Although the Ethereum and Base deployments appear to be secure, Tony Ke, security research head at Fuzzland, cautioned that users should exercise caution when interacting with these contracts at this time.
Ancilia claims that on Wednesday at around 17:09 UTC, a backdoor contract was activated, allowing the unidentified attacker to enter without authorization and start sending tokens.
For their smart contract controls, Radiant uses a multisig configuration, which appears to have been exploited internally. Based on the attack profile, it appears that Radiant’s private keys were leaked due to phishing, compromised computers, or insider attacks.
We’ll endeavor to collaborate with the Radiant team as we get more details regarding what happened and assist with any potential fund recovery.
From a wallet under Radiant control, the hacker moved wrapped copies of several currencies, including USDC, USDT, ETH, and BNB, to a single address starting 0x0629b.
There are presently more than $5 million worth of tokens in that wallet’s BNB balance. The DeBank account associated with the same wallet displays a $51 million balance, and the token holdings have increased by 2,619,512.54% since the account’s creation, suggesting that the attack may be much more widespread.
Around $18 million worth of BNB Chain tokens and over $32 million worth of Arbitrum-based assets are stored on the attacker’s address. Its biggest assets are wstETH and weETH, which are ETH derivatives.
In a flash loan attack earlier this year, Radiant Capital lost over 1900 ETH, or $4.5 million.
Disclaimer : This article was created for informational purposes only and should not be taken as investment advice. An asset’s past performance does not predict its future returns. Before making an investment, please conduct your own research, as digital assets like cryptocurrencies are highly risky and volatile financial instruments.
