HQ/EMEAFind out how we can help your business
On Wednesday evening, unidentified attackers stole over $50 million in cryptocurrency from Radiant Capital, a decentralised finance platform.
In a post-mortem report issued on Thursday, Radiant stated that the hack compromised three developers, all of whom had long been trusted contributors to the platform. The startup has advertised itself as a “one-stop shop” for cryptocurrencies, allowing crypto users and enthusiasts to deposit and borrow across many blockchains.
Several security researchers said on social media that the hacker acquired access to multiple private keys belonging to firm developers, allowing the threat actor to drain customers’ crypto funds.
The company stated that these developers employed hardware wallets and were geographically dispersed, decreasing the possibility of a coordinated physical attack.
However, the attackers could have infected the devices of at least three core contributors through a sophisticated malware infection process. Subsequently, the attackers used the infected devices to sign fraudulent transactions. According to the report, other devices besides the three compromised devices were likely targeted.
The attack on Radiant Capital is the result of a complex cybercriminal activity.
A Radiant Capital representative explained that they suffered a highly sophisticated security breach resulting in a $50 million loss and that the developers’ devices were compromised to display legitimate transaction data. In contrast, poisoned transactions were signed and executed behind the scenes.
The infected devices showed no visible warning indicators besides minor malfunctions and error messages during ordinary operations. Additionally, the representative and the post-mortem study discussed various technical aspects to emphasise the attacker’s high level of sophistication. Still, the post-mortem does not indicate whether the platform intends to refund users who had money stolen. The platform’s operations have been suspended since the attack began on Wednesday.
Researchers discovered the incident on social media after witnessing the hacker change the stolen assets into about 12,800 ETH, valued at $33.5 million, and 32,100 BNB, valued at $19.3 million. Others estimated that the losses could total up to $58 million.
Radiant Capital’s website shows that the company has undergone many security audits, allegedly with the help of a couple of blockchain security providers.
However, this is the second incident in which the company suffered greatly, as Wednesday’s attack followed the theft of $4.5 million against the firm earlier this year.
