Radiant Capital has been hacked, and scammers stole about $51.5 million from users on BNB chain & Arbitrum instances. Ancilia Inc., a Web3 security company, warned users on X about the breach a few hours ago
They confirmed that scammers were using a specific contract to take money from user accounts.
The attack began on Wednesday afternoon on Radiant’s Ethereum Layer 2 service and then spread to the BNB Chain. According to Arkham Intelligence, there were many unauthorized transfers from user accounts.
The hacker reportedly uses a TransferFrom function which allows one account to move tokens from another account to a third account. To do this, the victim must give permission to a fake wallet address.
Ancilia advised all users to “revoke your approval ASAP” permissions for any Radiant contracts to protect their funds.
Tony Ke, a security expert from Fuzzland, noted that while the Ethereum and Base systems seem safe, users should still be cautious. He stated, “Radiant Capital has fallen victim to a hack causing $51 million in losses so far across Arbitrum and BNB Chain.”
Ke explained that a backdoor contract was created around 17:09 UTC on Wednesday. This allowed the hacker to access user accounts and start transferring tokens. The investigation suggests that the hack might have come from an internal issue.
Ke mentioned that “someone was either phished or there was a compromised computer” that led to Radiant’s private keys being leaked.
According to the report, the hacker sent wrapped versions of BNB, ETH, USDC, and USDT to a single wallet that starts with 0x0629b. This wallet currently holds over $5 million in BNB and has a total value of $51 million, according to DeBank.
As of press time, the hacker has more than $32 million in Arbitrum-based assets and around $18 million in tokens on the BNB Chain.
Also Read: Hacker Drains $35M in fwdETH Dumps token, causing Price drops
