Briefing

On October 16, 2024, the Radiant Capital protocol suffered a sophisticated cyberattack resulting in the loss of approximately $50 million USD from its core lending markets on Arbitrum and BNB Chain. The incident stemmed from a malware injection on the devices of at least three core developers, which enabled the manipulation of transaction data during a routine multi-signature emissions adjustment. This allowed attackers to obtain fraudulent signatures for a transferOwnership action, bypassing both front-end verification and simulation tools, ultimately leading to the unauthorized draining of assets.

The image showcases an array of intricate metallic and transparent mechanical components, internally illuminated with a bright blue light, creating a sense of depth and complex interaction. Gears, conduits, and circuit-like structures are visible, suggesting a highly engineered and precise system

Context

Prior to this incident, the DeFi landscape has seen a persistent rise in sophisticated social engineering and supply chain attacks targeting key personnel, often bypassing robust smart contract audits. While multi-signature schemes are designed to enhance security by requiring multiple approvals, the prevailing risk factor lies in the human element and the integrity of the signing environment. This exploit leveraged advanced device-level compromise, highlighting a critical vulnerability class where off-chain attack vectors directly undermine on-chain security controls.

A highly detailed render showcases intricate glossy blue and lighter azure bands dynamically interwoven around dark, metallic, rectangular modules. The reflective surfaces and precise engineering convey a sense of advanced technological design and robust construction

Analysis

The attack began with a social engineering tactic on September 11, 2024, where a Radiant developer received a malicious zipped PDF via Telegram, masquerading as a former contractor’s job opportunity. This delivered INLETDRIFT malware, establishing a persistent macOS backdoor on compromised devices. During a subsequent routine multi-signature emissions adjustment, the malware manipulated the display within the Safe{Wallet} (Gnosis Safe) front-end and Tenderly simulations, presenting legitimate transaction data while simultaneously sending malicious transferOwnership transactions to hardware wallets for signing. This allowed the attackers, identified as the North Korean threat actor UNC4736, to secure the necessary three-of-eleven multi-signature approvals, seize control of the Pool Provider contract, and deploy malicious versions to drain funds from the protocol’s core markets on Arbitrum and BNB Chain.

The image showcases a high-precision hardware component, featuring a prominent brushed metal cylinder partially enveloped by a translucent blue casing. Below this, a dark, wavy-edged interface is meticulously framed by polished metallic accents, set against a muted grey background

Parameters

  • Protocol Targeted → Radiant Capital
  • Date of Exploit → October 16, 2024
  • Attack Vector → Malware-driven device compromise and transaction spoofing
  • Financial Impact → $50 Million USD
  • Affected Blockchains → Arbitrum, BNB Chain
  • Threat Actor → UNC4736 (North Korea-aligned)
  • Initial Compromise → Social engineering via malicious zipped PDF

This close-up digital rendering showcases a sophisticated, partially exposed spherical structure, featuring a white, angular exterior shell and a glowing blue interior. Intricate, densely packed circuits and luminous data pathways are visible beneath the outer panels, suggesting complex internal operations

Outlook

Immediate mitigation for users involved revoking all approvals on Arbitrum, BSC, Ethereum, and Base. This incident underscores the critical need for enhanced security practices beyond smart contract audits, emphasizing device-level integrity and robust transaction verification mechanisms, especially when interacting with multi-signature wallets. Protocols must consider implementing stricter controls for developer environments, integrating advanced endpoint detection, and educating teams on sophisticated social engineering tactics. This event will likely accelerate the adoption of trustless transaction signing solutions and hardware-isolated signing environments to prevent similar device-level compromises from undermining on-chain security.

The Radiant Capital exploit serves as a stark reminder that even robust multi-signature schemes are vulnerable when the integrity of the signing environment is compromised by advanced malware, shifting the attack surface from smart contract logic to human and device security.

Signal Acquired from → Medium.com

Micro Crypto News Feeds

malware injection

Definition ∞ Malware Injection involves the unauthorized insertion of malicious code into a legitimate software program or system.

multi-signature schemes

Definition ∞ Multi-signature schemes are cryptographic systems that require two or more private keys to authorize a transaction or access a digital asset.

social engineering

Definition ∞ Social engineering is a non-technical method of influencing people to give up confidential information or perform actions that benefit the attacker.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

exploit

Definition ∞ An exploit refers to the malicious utilization of a security flaw or vulnerability within a protocol, smart contract, or application to gain unauthorized access, steal assets, or disrupt operations.

transaction spoofing

Definition ∞ Transaction Spoofing is a deceptive trading practice where an entity places a large order with the intent of canceling it before execution, aiming to manipulate market prices.

bnb chain

BNB Chain ∞ is a decentralized blockchain network that supports smart contracts and decentralized applications.

threat actor

Definition ∞ A threat actor is an individual or group that poses a risk to information systems and data security.

compromise

Definition ∞ A 'compromise' in the digital asset space refers to an agreement reached between differing parties, often involving concessions on key points.

on-chain security

Definition ∞ On-chain security refers to the measures and protocols implemented directly within a blockchain's architecture to protect the integrity, confidentiality, and availability of its data and transactions.