On October 16, Radiant Capital was attacked, resulting in the theft of more than $50 million. The company has disclosed details of the incident.
Nature of the Attack
The attackers used sophisticated malware to compromise the devices of three developers. This allowed them to sign malicious transactions, which went unnoticed in the Safe{Wallet} interface.
Reasons for the Successful Attack
The breach occurred during a routine emissions adjustment process involving multisignature. Attackers intercepted approved transactions, replacing them with their own to secure signatures.
Consequences and Precautionary Measures
The incident resulted in more than $50 million losses, with funds withdrawn using open approvals. Users are advised to revoke approvals on all chains such as Arbitrum, BSC, Ethereum, and Base.
The incident highlighted the need for enhanced scrutiny and transaction verification on DeFi platforms. Radiant Capital stresses the importance of secure handling of developer devices to prevent similar situations in the future.