Radiant Capital Hack 2024 — $58M Exploit Analysis

Radiant Capital's multisig signers were tricked by malware into approving malicious contract upgrades, resulting in $58M stolen.

Details

Full Description

Three Radiant Capital multisig signers had their hardware wallets compromised via sophisticated malware. The malware intercepted signing requests, displaying legitimate-looking transaction data on screen while actually signing a malicious contract upgrade. The upgraded contracts contained backdoors allowing the attacker to drain lending pools.

Laundering Analysis

Stolen funds moved cross-chain via bridges. ETH portion deposited into Tornado Cash. Token assets converted to ETH via aggregators before mixing. Lazarus Group attributed as responsible by US government advisories. Radiant Capital partnered with Mandiant and law enforcement but no recoveries made.

Sources

Transaction Hashes

Related Hacks

Back to Browse