Slow Fog releases Radiant Capital security incident analysis: Attackers illegally control 3 owner permissions in the multi-signature wallet

2024-10-17 12:17:18

Collection

ChainCatcher news, Slow Mist releases an analysis of the Radiant Capital security incident (Arbitrum chain):

Radiant Capital uses a multi-signature wallet (0x111ceeee040739fd91d29c34c33e6b3e112f2177) to manage key operations such as contract upgrades and fund transfers. However, the attacker illegally gained control of the owner permissions of 3 out of the 11 owners of the multi-signature wallet.

Since Radiant Capital's multi-signature wallet employs a 3/11 signature verification model, the attacker first used the private keys of these 3 owners to perform off-chain signatures, and then initiated an on-chain transaction from the multi-signature wallet to transfer the ownership of the LendingPoolAddressesProvider contract to a malicious contract controlled by the attacker.

Subsequently, the malicious contract called the setLendingPoolImpl function of the LendingPoolAddressesProvider contract, upgrading the underlying logic contract of the Radiant lending pool to a malicious backdoor contract (0xf0c0a1a19886791c2dd6af71307496b1e16aa232).

Finally, the attacker executed the backdoor function, transferring funds from various lending markets into the attack contract.

Previous news, Radiant Capital suffered a cyber attack, resulting in losses exceeding $50 million.

(Source Link)

ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.