Last night, decentralized finance (DeFi) platform @RDNTCapital fell victim to a significant security breach that resulted in a massive loss of funds from its markets.
The attack targeted the platform’s multisig wallet, which is responsible for critical tasks such as contract upgrades and transferring funds.
The wallet, identified as 0x111ceeee040739fd91d29c34c33e6b3e112f2177, operates on a multisignature model that requires 3 out of 11 signatures to authorize transactions.
🚨UPDATE🚨 Last night, @RDNTCapital experienced a major attack, leading to a substantial loss of funds from its markets.
Here's a detailed summary of how the attack unfolded🧵👇 https://t.co/u9IJu44WQc
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) October 17, 2024
Unfortunately, the attacker managed to gain control of permissions for three of the wallet’s signers, bypassing security measures.
By using these three compromised private keys to sign off-chain, the hacker was able to transfer ownership of the LendingPoolAddressesProvider to a malicious contract.
The attacker then updated the lending pool’s logic to a backdoor contract, which allowed them to siphon funds from various lending markets.
Funds Stolen Now Converted To ETH And BNB
The stolen funds were quickly converted into native tokens and are now held in two wallets. One address currently holds 12,835 ETH, valued at around $33.56 million, while the second wallet contains 32,113 BNB, worth approximately $19.35 million.
Radiant Capital (@RDNTCapital) was hacked for $53M in various crypto assets 8 hours ago!
The hacker has since converted the stolen funds into native tokens, holding 12,835 $ETH ($33.56M) and 32,113 $BNB ($19.35M) across two wallet addresses.
For safety, please revoke the… https://t.co/nx5UjzkQU1 pic.twitter.com/UXuAe72iJH
— Spot On Chain (@spotonchain) October 17, 2024
This exploit marks a significant setback for @RDNTCapital and highlights the ongoing risks and vulnerabilities within the DeFi ecosystem.
Despite the use of multisig wallets, which are generally seen as a security measure, the breach illustrates how even trusted mechanisms can be undermined if private keys are compromised.
As investigations continue, the platform is working to address the security flaws and potentially recover the stolen assets.
Disclosure: This is not trading or investment advice. Always do your research before buying any Metaverse crypto coins.