Briefing

The Radiant Capital DeFi lending protocol suffered a significant security breach in October 2024, resulting in an estimated loss of $50 million to $58 million across its Arbitrum and BNB Chain deployments. The incident stemmed from a sophisticated supply chain attack that compromised the protocol’s 3-of-11 multi-signature governance scheme. Attackers used malware to trick signers into approving malicious transactions, ultimately gaining control over critical Pool Provider contracts and draining funds without authorization. This event highlights the vulnerabilities inherent in complex multi-signature setups and the continuing threat that advanced persistent threat (APT) groups pose to high-value DeFi protocols.

Context

Prior to this incident, the DeFi ecosystem had already faced numerous exploits, including flash loan attacks and oracle manipulations, underscoring the inherent risks in smart contract interactions and governance mechanisms. Radiant Capital itself experienced an earlier flash loan attack in January 2024 due to rounding issues. The prevailing attack surface for many protocols included vulnerabilities in off-chain operational security, such as developer machine compromise or phishing, which could lead to the subversion of on-chain controls like multi-signature schemes. The reliance on human signers within multi-sig frameworks introduced a critical human element vulnerability.

Analysis

The attack’s technical mechanics involved a multi-stage supply chain compromise. A Radiant developer received a malicious ZIP file, disguised as a legitimate smart contract auditing report, from a spoofed former contractor. This file delivered sophisticated INLETDRIFT malware, establishing a persistent macOS backdoor. The attackers then used this access to manipulate the Gnosis Safe wallet frontend, displaying legitimate transaction data to signers while simultaneously pushing malicious transactions to their hardware wallets for blind signing.

With compromised signatures, the attacker gained control of the Pool Provider contract, which manages lending pools, and subsequently upgraded the pool contracts to malicious versions. These upgraded contracts retained the original permissions, allowing the attacker to drain user funds from wallets that had previously granted approvals.

Parameters

  • Protocol Targeted ∞ Radiant Capital
  • Attack Vector ∞ Multi-signature Compromise via Supply Chain Attack and Malware
  • Financial Impact ∞ $50 Million – $58 Million
  • Affected Blockchains ∞ Arbitrum, BNB Chain
  • Malware Used ∞ INLETDRIFT
  • Attacker Affiliation ∞ Suspected DPRK-aligned threat actor (UNC4736)
  • Recent Fund Movement ∞ $14 Million DAI swapped for ETH, $6.5 Million ETH sent to Tornado Cash

Outlook

Immediate mitigation for users involves revoking approvals for affected Radiant Capital contracts on Arbitrum and BNB Chain. This incident underscores the urgent need for enhanced supply chain security, robust hardware wallet usage with careful transaction verification (avoiding blind signing), and advanced threat detection for developer environments. Protocols should implement more stringent multi-sig operational procedures, including independent verification of transaction payloads. The event will likely drive new security best practices focusing on comprehensive endpoint security for core team members and a re-evaluation of the human element in decentralized governance.

Verdict

This sophisticated multi-signature compromise of Radiant Capital serves as a stark reminder that even robust on-chain governance can be subverted by advanced off-chain attack vectors, necessitating a holistic security posture encompassing both code and human elements.

Signal Acquired from ∞ medium.com/radiant-capital
