Radiant Capital is back in action after a painful setback, having resumed its Ethereum lending markets following a hack that resulted in $58 million loss in digital assets.
Security upgrades
On November 1, the lending protocol announced that it had implemented several security upgrades to prevent future incidents.
One major change was transferring ownership into a timelock contract, which enforces a mandatory 72-hour waiting period for any adjustments. This move is designed to bolster Radiant’s security and give the team more time to react to potential threats.
Also, Radiant introduced an emergency admin role that uses a multisignature setup. This role allows designated members to pause and unpause the lending markets as needed, adding another layer of protection.
The DAO also adjusted its multisignature security requirements, reducing the number of signers needed from eight to seven, with a four-out-of-seven signing threshold.
Multisignature wallets enhance security by requiring multiple signatures to complete crypto transactions. This approach helps eliminate risks associated with relying on a single private key.
A wake-up call
These security upgrades come after Radiant Capital faced a serious breach that forced them to halt their lending markets on October 16.
An attacker managed to gain control of several signers’ private keys and smart contracts, allowing them to siphon off over $50 million in crypto.
In a post-mortem released on October 18, Radiant confirmed that at least three of its core developers had their devices compromised through malware.
This malware made it appear as though legitimate transaction data was being displayed while malicious transactions were secretly signed and executed in the background.
High tuition
The well-known security expert Patrick Collins described the incident as a “$50 million lesson” for the DeFi community, and he pointed out that there’s a significant educational gap when it comes to verifying transactions with hardware wallets.
As for the hacker, they’ve already moved about $52 million of the stolen funds. Blockchain security firm PeckShield shared that the exploiter had transferred “nearly all” of the stolen assets by October 24.
Phishing attacks have been rampant in the crypto world, leading to millions in losses. For example, on August 21, a phishing scam drained $55 million in stablecoins after a whale accidentally signed a transaction that transferred ownership of their funds to attackers.
In light of these incidents, hardware wallet company Ledger also emphasized the need for clearer signing processes in crypto transactions.
Ledger CEO Pascal Gauthier previously stated that the industry should move away from blind signing practices and has partnered with various organizations to promote clearer signing initiatives.
