Radiant Capital Hacked for Second Time This Year, Losses Another $51 Million

Radiant Capital was also targeted by bad actors in January, but the damage was not as severe as this latest attack.

According to blockchain security firm Ancilia, the lending platform Radiant Capital (RDNT) on Arbitrum and BNB Chain was hacked late at night on October 16, resulting in a large loss of assets.

On-chain data shows that the bad actors have siphoned off more than $32 million in assets on Arbitrum and $18 million on BNB Chain, with a total loss of $51 million.

Radiant Capital later confirmed on the project's X (Twitter) page that it was experiencing a security incident and began working with relevant organizations to fix the problem. The project also asked users to revoke wallet access to the four smart contract addresses that were hacked by the attackers.

Radiant also announced a temporary shutdown until the vulnerability is patched.

According to DefiLlama, Radiant Capital’s total value locked (TVL) in the first two weeks of October was between $80-87 million. This means that the attack took away more than 58% of the protocol’s total TVL.

Initial analysis shows how the hacker was able to steal the assets. The attacker somehow obtained 3 out of 11 multisig approval private keys, which were enough to create a request to transfer control of the lending pool on Radiant to himself and then withdraw the funds. Therefore, the community is asking why Radiant Capital could keep the multisig approval threshold so low.

RDNT token price is down more than 6% on news of the latest attack.

In January 2024, Radiant Capital was also attacked through a vulnerability in its lending pool, losing $4.5 million in assets.