Radiant Capital has published an in-depth analysis of the exploit on October 16, which resulted in the loss of over $50 million in user funds. The post-mortem reveals that the attacker utilized sophisticated malware to corrupt transactions, allowing them to steal funds during a standard multi-signature process.

### Attack Methodology Exploited Common Errors

The breach began when the hacker compromised the hardware wallets of three of the protocol’s core developers, injecting malware that imitated legitimate transactions. As developers signed off on what they assumed were routine emissions adjustments, the malware executed unauthorized transactions in the background. Radiant Capital emphasized that its team adhered strictly to standard operating procedures, simulating each transaction for accuracy on Tenderly, a full-stack Web3 infrastructure platform, and individually reviewing it at every signature stage. Despite these layers of verification, the malware infiltrated the system without triggering any alerts during front-end checks.

A notable point in the company’s assessment was how the attacker exploited typical transaction failures to perpetrate the hack. They utilized wallet resubmissions, which often occur due to gas price fluctuations or network congestion, to gather private keys while maintaining an appearance of normalcy. The perpetrator then assumed control of certain smart contracts and ultimately siphoned millions of dollars worth of cryptocurrencies, including USDC, wrapped BNB (wBNB), and Ethereum (ETH). The stolen amount is reported to be between $50 million and $58 million, with the DeFi platform citing the lower figure.

### FBI Tapped to Help Recover Stolen Funds

Radiant Capital disclosed in the report that it is collaborating closely with U.S. law enforcement, including the FBI, as well as cybersecurity firms SEAL911 and ZeroShadow, to trace the stolen crypto. As a precautionary measure, it has advised users to revoke approvals across all chains, including Arbitrum, BSC, and Base, in response to the exploiter using open approvals to deplete accounts. The company has also set up new cold wallets and adjusted signing thresholds to bolster security, introducing a mandatory 72-hour delay for all contract upgrades and ownership transfers, allowing the community ample time to review transactions before execution. However, the firm acknowledged that even these enhanced measures might not have deterred such a sophisticated breach.
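The advice to revoke approvals depends on knowing which allowances are still open. The following is an added example, not code from Radiant Capital's report: it replays ERC-20 `Approval` events in chain order and lists the allowances to one spender that remain non-zero. All addresses and log entries are constructed placeholders, and the log dictionaries use integer `blockNumber` and `logIndex` fields as a simplifying assumption.

```python
# Added example: find ERC-20 allowances still open to a given spender.
# keccak256("Approval(address,address,uint256)")
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1  # the usual "infinite approval" value

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_approvals(logs, spender):
    """Return {(token, owner): allowance} still non-zero for `spender`.

    Events only record approve() calls; spending via transferFrom may lower
    an allowance without an event, so confirm with allowance() before acting.
    """
    spender = spender.lower()
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same signature but 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        state[key] = int(log["data"], 16)  # a later event overwrites earlier
    return {k: v for k, v in state.items() if v > 0}

# Constructed sample data (placeholder addresses, not real accounts)
SPENDER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
OWNER1, OWNER2 = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20

def _log(token, owner, spender, value, block, idx):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(value), "blockNumber": block, "logIndex": idx}

SAMPLE_LOGS = [
    _log(TOKEN_B, OWNER1, SPENDER, 0, 105, 1),          # revocation, listed first
    _log(TOKEN_A, OWNER1, SPENDER, UNLIMITED, 100, 0),  # still open
    _log(TOKEN_B, OWNER1, SPENDER, 500, 101, 2),        # revoked at block 105
    _log(TOKEN_A, OWNER2, OTHER, UNLIMITED, 102, 0),    # different spender
]

if __name__ == "__main__":
    for (token, owner), amount in open_approvals(SAMPLE_LOGS, SPENDER).items():
        label = "UNLIMITED" if amount == UNLIMITED else amount
        print(f"revoke: token={token} owner={owner} allowance={label}")
```
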

DeFi exploits are escalating at an alarming rate, with recent surveys indicating a concerning trend. PeckShield reported over 20 hacks in September alone, leading to more than $120 million in losses. Additionally, another on-chain security firm, Hacken, announced that over $440 million stolen from crypto platforms in the third quarter of 2024 had been irrecoverably lost.
