ChainCatcher news, according to a report by Cointelegraph, Radiant Capital stated in an updated investigation report on December 6 that the cybersecurity company Mandiant has assessed with high confidence that the attack was carried out by threat actors affiliated with North Korea (DPRK).The platform mentioned that a Radiant developer received a Telegram message on September 11, which contained a compressed file from a "trusted former contractor," requesting feedback on a new project they were planning. Upon review, this message was suspected to be from threat actors allied with North Korea impersonating the former contractor. "This ZIP file, when shared with other developers for feedback, ultimately delivered malware that facilitated the subsequent intrusion."Radiant Capital believes that the threat actors responsible for the incident are referred to as "UNC4736"—reportedly associated with North Korea's main intelligence agency, the Reconnaissance General Bureau (RGB), and speculated to be a subgroup of the hacking organization Lazarus Group.Previous report stated that the cross-chain lending protocol Radiant Capital suffered a cyber attack, resulting in losses exceeding $50 million.

ChainCatcher news, Radiant Capital's official report on the October theft has been released today.Radiant Capital stated that although the investigation is still ongoing, the security company Mandiant is highly confident that the attack was carried out by malicious actors linked to North Korea.ChainCatcher previously reported that according to information disclosed by the security company Ancilia, the cross-chain lending protocol Radiant Capital suffered a cyber attack on the early morning of October 17, resulting in losses exceeding $50 million. Radiant is controlled by a multi-signature wallet (referred to as "multisig"), and it is claimed that the attackers gained control of the private keys of multiple signers, subsequently taking control of several smart contracts.

ChainCatcher message, Bithumb announced that Radiant Capital (RDNT) has been removed from trading support by members of the Digital Asset Exchange Alliance (DAXA). DAXA members may take action to protect investors. The trading termination time is December 12 at 14:00, and withdrawals will be terminated on January 10, 2025, at 14:00.

ChainCatcher news, according to the official announcement, the South Korean cryptocurrency exchange Bithumb is expected to delist Radiant Capital (RDNT) spot trading on December 12, 2024.

ChainCatcher news, Radiant Capital posted on X that after successfully restoring the lending market on the Ethereum mainnet this week, the lending market on the Base network has also been restored and is fully operational.The delay was due to the need for additional transactions after activating the time lock, involving the transfer of the emergency admin role to a new multi-signature wallet. This multi-signature wallet is now operational and is only used for emergencies, with permissions limited to pausing and resuming the market when necessary.Previous report, Radiant Capital's official social media post reviewed that the protocol experienced a highly complex security vulnerability on the 16th, resulting in a loss of $50 million. The attacker exploited multiple developers' hardware wallets through highly advanced malware injection.

ChainCatcher news, according to CertiK monitoring, the largest hacker losses so far in October are due to private key leaks. In the third quarter, most losses were caused by PKC and phishing. Since the beginning of this month, CertiK has recorded 3 major PKC incidents, with total losses of approximately 60 million dollars: of which Radiant Capital is about 55 million dollars, Tapioca DAO about 4.5 million dollars, and Burve Protocol about 500 thousand dollars.

ChainCatcher news, according to PeckShieldAlert monitoring, the hacker address involved in the Radiant Capital attack has bridged almost all stolen funds from Arbitrum and BNB to the Ethereum network, totaling approximately 20,500 ETH, worth about 52 million USD.

ChainCatcher message, Radiant Capital has issued a reminder on X regarding the security incident, stating that all users need to take immediate action to protect their wallets.If you have ever interacted with Radiant (or believe you may have), you must immediately revoke authorization for the affected contracts, or you risk having your funds stolen. Please use revoke.cash to protect your assets by removing any permissions to prevent further losses. Radiant will continue to fully track and freeze the stolen funds and work closely with security experts and law enforcement.It is reported that Radiant Capital was previously hacked, resulting in a loss of $53 million.

ChainCatcher message, the Safe team reviewed the security incident mentioned in the post-mortem report of Radiant Capital, noting that the Safe {Wallet} front-end functioned normally, but external devices were compromised during the signing process, allowing hackers to replace transaction data and trick signers into signing malicious transactions.The Safe team believes this incident highlights the risks of blind signing, where users approve transactions without fully viewing the transaction details, especially when using hardware wallets. To address this issue, Safe recommends using multiple signing devices from different vendors (for example, a combination of Ledger and Trezor) and connecting these devices through trusted interfaces to enhance transaction visibility and security.Additionally, Safe is exploring technologies like conditional signing to provide more contextual information without sacrificing security. The Safe team is considering directly calculating the Ledger hash in its interface so that users can verify the hash displayed on the hardware wallet and the interface. The Safe team emphasizes that all parties in the ecosystem need to collaborate to address the blind signing issue and is committed to working with hardware wallet providers and the community to improve transaction and message signing processes.

ChainCatcher news, Radiant Capital's official social media post reviewed that the protocol experienced a highly complex security vulnerability on the 16th, resulting in a loss of $50 million. The attacker exploited multiple developers' hardware wallets through highly advanced malware injection.During the intrusion, the front end of Safe Wallet (also known as Gnosis Safe) displayed legitimate transaction data, while the poisoned transactions were signed and executed in the background. This vulnerability occurred during a routine multi-signature emission adjustment process, which is conducted regularly to adapt to market conditions and utilization rates. DAO contributors strictly adhered to many industry standard operating procedures throughout the process. Each transaction was simulated on Tenderly to ensure accuracy and was individually reviewed by multiple developers at each signature stage. During these reviews, neither Tenderly nor the front-end checks in Safe showed any anomalies. To emphasize the importance of this, it was completely undetectable during the manual review of the Gnosis Safe UI and the Tenderly simulation of regular transactions, as confirmed by external security teams.Radiant Capital stated that it has been working closely with Seal911 and Hypernative and has implemented more robust multi-signature controls. The FBI and zeroShadow are fully aware of the violations and are actively working to freeze all stolen assets. The DAO is deeply disturbed by this attack and will continue to work tirelessly with relevant agencies to identify the attackers and recover the stolen funds as soon as possible.

ChainCatcher news, according to iChainfo monitoring, the hacker of Radiant Capital has just transferred 706 ETH to a new address, approximately worth 1.84 million USD.

ChainCatcher news, Slow Mist releases an analysis of the Radiant Capital security incident (Arbitrum chain):Radiant Capital uses a multi-signature wallet (0x111ceeee040739fd91d29c34c33e6b3e112f2177) to manage key operations such as contract upgrades and fund transfers. However, the attacker illegally gained control of the owner permissions of 3 out of the 11 owners of the multi-signature wallet.Since Radiant Capital's multi-signature wallet employs a 3/11 signature verification model, the attacker first used the private keys of these 3 owners to perform off-chain signatures, and then initiated an on-chain transaction from the multi-signature wallet to transfer the ownership of the LendingPoolAddressesProvider contract to a malicious contract controlled by the attacker.Subsequently, the malicious contract called the setLendingPoolImpl function of the LendingPoolAddressesProvider contract, upgrading the underlying logic contract of the Radiant lending pool to a malicious backdoor contract (0xf0c0a1a19886791c2dd6af71307496b1e16aa232).Finally, the attacker executed the backdoor function, transferring funds from various lending markets into the attack contract.Previous news, Radiant Capital suffered a cyber attack, resulting in losses exceeding $50 million.

ChainCatcher news, according to Cointelegraph, Radiant Capital and two cybersecurity companies disclosed that after a cybersecurity breach exceeding $50 million occurred on the BNB Chain and Arbitrum, Radiant Capital has suspended its lending market.Web3 cybersecurity company De.Fi Antivirus stated on the X platform: "By exploiting the 'transferFrom' function on the BSC and ARB chains, the attacker targeted the Radiant Capital contract, stealing user funds including USDC, WBNB, ETH, and more. This attack resulted in approximately $58 million in stolen funds." This is in line with estimates from another cybersecurity company, Ancilia Inc., which estimated the losses to be around $50 million. Radiant is controlled by a multi-signature wallet, and the attacker gained control of the private keys of multiple signers, subsequently taking control of several smart contracts.Radiant stated in a post on the X platform: "We are aware of the issues with the Radiant lending market on the BNB Chain and Arbitrum. We are working with SEAL911, Hypernative, ZeroShadow, and Chainalysis and will provide updates as soon as possible. The markets on Base and the mainnet will be suspended until further notice."

ChainCatcher news, according to information disclosed by the security company Ancilia, the cross-chain lending protocol Radiant Capital suffered a cyber attack in the early hours of October 17, resulting in losses exceeding $50 million. Radiant is controlled by a multi-signature wallet (referred to as "multisig"), and it is claimed that the attacker gained control of the private keys of multiple signers, subsequently taking control of several smart contracts.Arkham data shows that the suspect's wallet holds over $32 million in assets based on Arbitrum and approximately $18 million in BNB Chain tokens.

ChainCatcher news, according to the official announcement, Binance has now completed the integration of Radiant Capital (RDNT) on the Base network and has opened deposit and withdrawal services.

ChainCatcher news, according to official information, the multi-chain lending protocol Radiant Capital community has voted to approve the "Inclusion of USDe in Ethereum and Arbitrum Deployment" RFP proposal.The proposal includes seeking approval to incorporate USDe as an acceptable form of collateral and lending market in Radiant Capital's Ethereum and Arbitrum deployments. Based on the defined parameters, the team will implement the necessary updates to integrate USDe as collateral and in the lending market with the aforementioned parameters. Additionally, the user interface will be updated to reflect the new functionality of using USDe as collateral and in the lending market.

According to ChainCatcher news, a Snapshot shows that Radiant Capital has proposed to add USDe to the Radiant lending market and as collateral, with plans to deploy on Ethereum and Arbitrum, currently achieving a support rate of 99.54%.Among them, the LTV on Ethereum is 72%, and the LT is 75%, meaning that for every 1 USDe, assets worth 0.72 USD can be borrowed, and liquidation will occur after a 3% depegging.

ChainCatcher news, Radiant Capital announced on social media that the ARB STIP rewards have been launched in the Arbitrum weETH market.It is reported that ether.fi has increased its points multiplier to 3 times, supplementing the existing rewards: staking, re-staking, Radiant's base market interest rate, RDNT release, and 1x EigenLayer points.