Critical vulnerability of Radiant Capital cross-chain lending protocol leads to $50M loss
Learn More
Radiant Capital, a cross-chain lending protocol, has shut down its lending markets following a critical security vulnerability that led to over $50 million in losses. Radiant Capital is based in Vancouver, Canada and allows users to lend and borrow digital assets across multiple blockchains.
The breach occurred on both the BNB Chain and Arbitrum networks, with initial loss estimates ranging from $50 million (reported by cybersecurity firm Ancilia Inc.) to $58 million (estimated by De.Fi Antivirus). This incident underscores the growing concerns surrounding the security of multi-signature wallet systems in blockchain protocols.
The vulnerability exploited Radiant Capital's 'transferFrom' function, enabling unauthorized withdrawals of various cryptocurrencies, including:
- USDC (USD Coin)
- WBNB (Wrapped Binance Coin)
- ETH (Ethereum)
According to experts, the attacker likely gained control of several private keys associated with Radiant Capital’s multi-signature wallet system. By accessing these keys, the attacker could compromise multiple smart contracts, siphoning off assets in a manner likened to a “school bully stealing lunch money,” as described by Pop Punk, co-founder of g8keep.
Radiant Capital suspended its lending markets across the Base and Mainnet networks and has engaged multiple security firms, including:
- SEAL911
- Hypernative
- ZeroShadow
- Chainalysis
These firms are actively investigating the breach, assessing damages, and implementing recovery measures.
No details are disclosed about the attacker and the current investigation and tracing of the stolen funds.
