Radiant Capital Suffers $58M Exploit Through Compromised Access Controls

In a significant security breach on Wednesday, cross-chain lending protocol Radiant Capital lost approximately $58 million after attackers gained unauthorized access to its smart contracts on both BNB Chain and Arbitrum networks.

The exploit occurred when attackers obtained three out of eleven private keys needed to control the protocol’s multi-signature wallet, enabling them to upgrade smart contracts and drain user funds. Assets stolen included USDC, WBNB, ETH, and other cryptocurrencies across both chains.

“We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum,” Radiant Capital confirmed in a statement on X (formerly Twitter). The protocol has engaged several security firms including SEAL911, Hypernative, ZeroShadow, and Chainalysis to investigate the incident.

In response to the breach, Radiant has paused its markets on Base and Ethereum Mainnet as a precautionary measure. Security experts are advising users to immediately revoke all permissions granted to Radiant’s smart contracts.

This marks the second security incident for Radiant Capital in 2024, following a $4.5 million loss in January due to a flash loan exploit. Security experts speculate that Wednesday’s attack may have resulted from a compromised front-end interface or malware that affected legitimate key holders.

The incident highlights ongoing security challenges in decentralized finance, particularly regarding multi-signature wallet systems.

Radiant Capital, which operates as a DAO (Decentralized Autonomous Organization), was designed to unify liquidity across Web3 money markets. The protocol continues to work with security partners to investigate the incident and will provide updates as more information becomes available.