Radiant Capital’s $50M crypto hack underlines DeFi’s multisig dependence
Yesterday, lending platform Radiant Capital suffered a loss of over $50 million worth of crypto when the project’s multisig wallet was compromised. The incident offers a stark reminder of the importance of key management in the industry, and the potential for damage when signer addresses are compromised. According to blockchain security firm SlowMist, private keys to three of 11 addresses were compromised in order to “transfer ownership of the LendingPoolAddressesProvider contract to a malicious contract controlled by the attacker.” This was then used to drain lending markets on two networks: Arbitrum and BNB Chain. #ancilia_alerts It seems like something happen with @RDNTCapital contract on BSC. We have noticed several transferFrom user's account through the contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281. Please revoke your approval ASAP. It seems like the new implementation had… — Ancilia, Inc. (@AnciliaInc) October 16, 2024 Read more: Three DeFi hacks net $10 million