Briefing

The Radiant Capital DeFi lending protocol suffered a significant security breach in October 2024, resulting in an estimated loss of $50 million to $58 million across its Arbitrum and BNB Chain deployments. The incident stemmed from a sophisticated supply chain attack that compromised the protocol’s 3-of-11 multi-signature governance scheme. Attackers used malware to trick signers into approving malicious transactions, ultimately gaining control over critical Pool Provider contracts and draining funds without authorization. The event highlights the critical vulnerabilities inherent in complex multi-signature setups and the continued targeting of high-value DeFi protocols by advanced persistent threat (APT) groups.

Context

Prior to this incident, the DeFi ecosystem had already faced numerous exploits, including flash loan attacks and oracle manipulations, underscoring the inherent risks in smart contract interactions and governance mechanisms. Radiant Capital itself experienced an earlier flash loan attack in January 2024 due to rounding issues. The prevailing attack surface for many protocols included vulnerabilities in off-chain operational security, such as developer machine compromise or phishing, which could lead to the subversion of on-chain controls like multi-signature schemes. The reliance on human signers within multi-sig frameworks introduced a critical human element vulnerability.

Analysis

The attack’s technical mechanics involved a multi-stage supply chain compromise. A Radiant developer received a malicious ZIP file, disguised as a legitimate smart contract auditing report, from a spoofed former contractor. This file delivered sophisticated INLETDRIFT malware, establishing a persistent macOS backdoor. The attackers then used this access to manipulate the Gnosis Safe wallet frontend, displaying legitimate transaction data to signers while simultaneously pushing malicious transactions to their hardware wallets for blind signing.

With compromised signatures, the attacker gained control of the Pool Provider contract, which manages lending pools, and subsequently upgraded the pool contracts to malicious versions. These upgraded contracts retained the original permissions, allowing the attacker to drain user funds from wallets that had previously granted approvals.

Parameters

  • Protocol Targeted ∞ Radiant Capital
  • Attack Vector ∞ Multi-signature Compromise via Supply Chain Attack and Malware
  • Financial Impact ∞ $50 Million – $58 Million
  • Affected Blockchains ∞ Arbitrum, BNB Chain
  • Malware Used ∞ INLETDRIFT
  • Attacker Affiliation ∞ Suspected DPRK-aligned threat actor (UNC4736)
  • Recent Fund Movement ∞ $14 Million DAI swapped for ETH, $6.5 Million ETH sent to Tornado Cash

Outlook

Immediate mitigation for users involves revoking approvals for affected Radiant Capital contracts on Arbitrum and BNB Chain. This incident underscores the urgent need for enhanced supply chain security, robust hardware wallet usage with careful transaction verification (avoiding blind signing), and advanced threat detection for developer environments. Protocols should implement more stringent multi-sig operational procedures, including independent verification of transaction payloads. The event will likely drive new security best practices focusing on comprehensive endpoint security for core team members and a re-evaluation of the human element in decentralized governance.

Verdict

This sophisticated multi-signature compromise of Radiant Capital serves as a stark reminder that even robust on-chain governance can be subverted by advanced off-chain attack vectors, necessitating a holistic security posture encompassing both code and human elements.

Signal Acquired from ∞ medium.com/radiant-capital

Micro Crypto News Feeds

supply chain attack

Definition ∞ A supply chain attack targets the software or hardware supply chain of a digital asset service or platform.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

smart contract

Definition ∞ A Smart Contract is a self-executing contract with the terms of the agreement directly written into code.

contract

Definition ∞ A 'Contract' is a set of rules and code that automatically executes when predefined conditions are met.

capital

Definition ∞ Capital refers to financial resources deployed for investment, operational expenditure, or the facilitation of economic activity within the digital asset sector.

multi-signature compromise

Definition ∞ A multi-signature compromise refers to a security breach where a significant number of private keys required for a multi-signature wallet or contract are illegally obtained.

bnb chain

Definition ∞ BNB Chain is a decentralized blockchain network that supports smart contracts and decentralized applications.

malware

Definition ∞ Malware is malicious software designed to infiltrate and damage computer systems or steal sensitive information.

human element

Definition ∞ The human element signifies the role of individuals, their decision-making, and behavioral patterns in the context of digital asset systems and markets.

compromise

Definition ∞ A 'compromise' in the digital asset space refers to an agreement reached between differing parties, often involving concessions on key points.