QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$53 000 000 USD
OCTOBER 2024
GLOBAL
RADIANT CAPITAL
DESCRIPTION OF EVENTS

"The Radiant DAO’s mission is to unify the billions in fragmented liquidity across Web3 money markets under one safe, user-friendly, capital-efficient omnichain protocol."
"Earn Interest & Borrow Assets Cross-Chain, Seamlessly" "Dynamic liquidity providers share platform fees captured in blue-chip assets"
"Battle-tested and audited by multiple leading security firms. Radiant's security is of the highest priority."
Attackers reportedly "exploited multiple developers' hardware wallets through a highly advanced malware injection". The breach reportedly "occurred during a routine multi-signature emissions adjustment process, which takes place periodically to adapt to market conditions and utilization rates."
"Front-end verification of all three multi-signature transactions showed no signs of compromise, aside from Safe App transaction resubmissions due to failures. It is important to highlight that resubmitting Safe transactions due to failures is a common and expected occurrence. Transactions submitted on the Safe front-end can fail due to gas price fluctuations, nonce mismatch, network congestion, insufficient gas limit, smart contract execution errors, token insufficiency, pending transactions, front-end synchronization issues, timeouts, or permission/signature errors in multi-signature setups. As a result, this behavior did not raise immediate suspicion. The malicious actors exploited this normalcy, using the process to collect multiple compromised signatures over several attempts, all while mimicking the appearance of routine transaction failures."
"To underscore the significance of this point, the compromise was completely undetectable during the manual review of the Gnosis Safe UI and Tenderly simulation stages of the routine transaction. This has been confirmed by external security teams, including @_SEAL_Org and @HypernativeLabs."
The amount is reported as 53m, 48m, or 50m depending on the source.
"#ancilia_alerts It seems like something happened with @RDNTCapital contract on BSC. We have noticed several transferFrom user's account through the contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281. Please revoke your approval ASAP. It seems like the new implementation had vulnerability functions."
"Radiant Capital has been working very closely with Seal911 and Hypernative and has since implemented stronger multisig controls. The U.S. law enforcement and @zeroshadow_io are fully informed of the breach and are actively working to freeze all stolen assets. The DAO is deeply devastated by this attack and will continue to work tirelessly with the respective agencies to identify the exploiter and recover the stolen funds as quickly as possible."
"The DAO has been working very closely with U.S. law enforcement and ZeroShadow and maintain an excellent relationship with both groups. They are fully informed of the breach and are actively working to freeze all stolen assets. The DAO is deeply devastated by this attack and will continue to remain available 24/7 to assist the respective agencies working to identify the exploiter and recover the stolen funds as quickly as possible."
Radiant Capital is a decentralized autonomous organization whose goal is to unify fragmented liquidity across various money market protocols. Users who provide capital can expect to earn a portion of the generated fees. Radiant Capital thought it would be a good idea to manage routine smart contract transactions through blind signing on hardware wallets with full permissions. Attackers reportedly "exploited multiple developers' hardware wallets through a highly advanced malware injection". Radiant Capital has so far released a post-mortem report, and there has not yet been any discussion of recovery for users other than tracing the funds.
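The post-mortem quoted above says signatures were collected over several resubmissions that looked like routine failures. The following added example (not code from Radiant, Safe, or this page) reconciles hardware-wallet approvals against the confirmations actually recorded for a proposal, so that a signature which was produced but never landed stands out; the event log, event names, proposal ids and threshold value are constructed assumptions.

```python
from collections import Counter

# Constructed ceremony log, not real data. Assumed event kinds:
#   approve   - signer pressed "confirm" on the hardware wallet
#   confirmed - the multisig service stored a valid signature for the proposal
#   ui_error  - the front-end reported a failed submission
EVENTS = [
    ("emissions-41", "dev-a", "approve"), ("emissions-41", "dev-a", "ui_error"),
    ("emissions-41", "dev-a", "approve"), ("emissions-41", "dev-a", "confirmed"),
    ("emissions-41", "dev-b", "approve"), ("emissions-41", "dev-b", "ui_error"),
    ("emissions-41", "dev-b", "approve"), ("emissions-41", "dev-b", "confirmed"),
    ("emissions-41", "dev-c", "approve"), ("emissions-41", "dev-c", "ui_error"),
    ("emissions-41", "dev-c", "approve"), ("emissions-41", "dev-c", "confirmed"),
    ("emissions-41", "dev-d", "approve"), ("emissions-41", "dev-d", "confirmed"),
    ("emissions-40", "dev-a", "ui_error"),  # failed before any device approval
    ("emissions-40", "dev-a", "approve"), ("emissions-40", "dev-a", "confirmed"),
]

def stray_signatures(events):
    """Map proposal -> {signer: device approvals minus recorded confirmations}.

    ui_error events are ignored on purpose: a failure alone is routine. The
    signal is a signature that left the device and was never recorded.
    """
    approvals, confirmations = Counter(), Counter()
    for proposal, signer, kind in events:
        if kind == "approve":
            approvals[(proposal, signer)] += 1
        elif kind == "confirmed":
            confirmations[(proposal, signer)] += 1
    stray = {}
    for (proposal, signer), count in approvals.items():
        extra = count - confirmations[(proposal, signer)]
        if extra > 0:
            stray.setdefault(proposal, {})[signer] = extra
    return stray

def escalate(events, threshold):
    """Proposals where at least `threshold` distinct signers have a stray signature."""
    return sorted(proposal for proposal, signers in stray_signatures(events).items()
                  if len(signers) >= threshold)

if __name__ == "__main__":
    for proposal, signers in stray_signatures(EVENTS).items():
        print(proposal, signers)
    print("escalate:", escalate(EVENTS, threshold=3))  # threshold is an assumed value
```

A failure that happens before any device approval (the `emissions-40` case) leaves nothing unaccounted for, which is what separates a routine resubmission from the pattern the post-mortem describes.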
