Briefing

The Radiant Capital DeFi lending protocol suffered a significant security breach in October 2024, resulting in an estimated loss of $50 million to $58 million across its Arbitrum and BNB Chain deployments. The incident stemmed from a sophisticated supply chain attack that compromised the protocol’s 3-of-11 multi-signature governance scheme. Attackers leveraged malware to trick signers into approving malicious transactions, ultimately gaining control over critical Pool Provider contracts and enabling unauthorized fund drainage. This event highlights the critical vulnerabilities inherent in complex multi-signature setups and the persistent threat of advanced persistent threat (APT) groups targeting high-value DeFi protocols.


Context

Prior to this incident, the DeFi ecosystem had already faced numerous exploits, including flash loan attacks and oracle manipulations, underscoring the inherent risks in smart contract interactions and governance mechanisms. Radiant Capital itself experienced an earlier flash loan attack in January 2024 due to rounding issues. The prevailing attack surface for many protocols included vulnerabilities in off-chain operational security, such as developer machine compromise or phishing, which could lead to the subversion of on-chain controls like multi-signature schemes. The reliance on human signers within multi-sig frameworks introduced a critical human element vulnerability.


Analysis

The attack’s technical mechanics involved a multi-stage supply chain compromise. A Radiant developer received a malicious ZIP file, disguised as a legitimate smart contract auditing report, from a spoofed former contractor. This file delivered the INLETDRIFT malware, which established a persistent macOS backdoor. The attackers then used this access to manipulate the Gnosis Safe wallet frontend: the interface displayed legitimate transaction data to signers while the malicious transactions were pushed to their hardware wallets, where they were blind-signed because the devices showed only an opaque hash rather than decoded fields.

With compromised signatures, the attacker gained control of the Pool Provider contract, which manages lending pools, and subsequently upgraded the pool contracts to malicious versions. These upgraded contracts retained the original permissions, allowing the attacker to drain user funds from wallets that had previously granted approvals.


Parameters

  • Protocol Targeted → Radiant Capital
  • Attack Vector → Multi-signature Compromise via Supply Chain Attack and Malware
  • Financial Impact → $50 Million – $58 Million
  • Affected Blockchains → Arbitrum, BNB Chain
  • Malware Used → INLETDRIFT
  • Attacker Affiliation → Suspected DPRK-aligned threat actor (UNC4736)
  • Recent Fund Movement → $14 Million DAI swapped for ETH, $6.5 Million ETH sent to Tornado Cash


Outlook

Immediate mitigation for users involves revoking approvals for affected Radiant Capital contracts on Arbitrum and BNB Chain. This incident underscores the urgent need for enhanced supply chain security, robust hardware wallet usage with careful transaction verification (avoiding blind signing), and advanced threat detection for developer environments. Protocols should implement more stringent multi-sig operational procedures, including independent verification of transaction payloads. The event will likely drive new security best practices focusing on comprehensive endpoint security for core team members and a re-evaluation of the human element in decentralized governance.


Verdict

This sophisticated multi-signature compromise of Radiant Capital serves as a stark reminder that even robust on-chain governance can be subverted by advanced off-chain attack vectors, necessitating a holistic security posture encompassing both code and human elements.

Signal Acquired from → medium.com/radiant-capital

Micro Crypto News Feeds

supply chain attack

Definition ∞ A supply chain attack targets the software or hardware supply chain of a digital asset service or platform.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

smart contract

Definition ∞ A Smart Contract is a self-executing contract with the terms of the agreement directly written into code.

contract

Definition ∞ A 'Contract' is a set of rules and code that automatically executes when predefined conditions are met.

capital

Definition ∞ Capital refers to financial resources deployed for investment, operational expenditure, or the facilitation of economic activity within the digital asset sector.

multi-signature compromise

Definition ∞ A multi-signature compromise refers to a security breach where a significant number of private keys required for a multi-signature wallet or contract are illegally obtained.

bnb chain

Definition ∞ BNB Chain is a decentralized blockchain network that supports smart contracts and decentralized applications.

malware

Definition ∞ Malware is malicious software designed to infiltrate and damage computer systems or steal sensitive information.

human element

Definition ∞ The human element signifies the role of individuals, their decision-making, and behavioral patterns in the context of digital asset systems and markets.

compromise

Definition ∞ In a security context, a 'compromise' is the unauthorized access to, or control of, a system, account, or private key; in negotiation, the same word refers to an agreement reached between differing parties, often involving concessions on key points.