Radiant Capital Hacker 'Stolen' $51 Million in Assets

The majority of the stolen funds from Arbitrum and BNB Chain from the Radiant Capital hack were transferred to Ethereum by the hacker.

As reported, the lending platform Radiant Capital (RDNT) on Arbitrum and BNB Chain was hacked late at night on October 16, resulting in a loss of up to $51 million.

On October 24, blockchain security firm PeckShield found that addresses associated with the Radiant Capital attacker had moved "almost all" of the ill-gotten assets from layer-2 Arbitrum and BNB Chain to Ethereum.

This move is often a stepping stone for hackers to use "money laundering" services like Tornado Cash to obscure the origin of the stolen funds and complicate the tracing process. Previous attacks like WazirX, CoinStats, Orbit Chain, and Penpie have demonstrated that the ability to recover victims' assets has become nearly impossible.

PeckShield said:

"Quickly transferring the stolen funds to Ethereum can help hackers secure their illicit assets before authorities or token issuers take any security measures."

PeckShield noted that the total amount transferred was around 20,500 ETH, worth around $52 million, according to the announcement.

For its part, Radiant Capital immediately suspended its lending markets after the attack and has repeatedly urged users to secure their wallets by revoking affected smart contracts that users had interacted with on Radiant.

On October 18, the Radiant research team also published an analysis after the incident, saying that the hacker had infiltrated the developers' hardware wallets with a type of malware that bypassed all layers of protection.

It is worth noting that even when attacked, the Safe{Wallet} interface still displayed valid transaction information, leaving the developers unaware of the shady transactions being executed in the background (also known as "Blind Signing").

In particular, the attacker chose the time when Radiant performed periodic multi-multisig adjustments. Although this process is strictly controlled, including transaction simulation via Tenderly and manual checks, the hacker still bypassed everything to steal millions of dollars.

RDNT's price has plummeted more than 26% since the hack. At the time of writing, RDNT's price is fluctuating around $0.0058, down 4% in the past 24 hours.

This hack once again raises concerns about the security of cold wallets like Ledger or Trezor. In 2023, Ledger was embroiled in a scandal over a security flaw in its Connect-Kit toolkit, which led to many dApps being attacked. Trezor T was also not spared when security company Unciphered discovered a vulnerability that allowed hackers to drain funds simply by physically possessing it. These incidents are a reminder to crypto investors that no security solution is absolutely safe.