A serious security breach has occurred at Radiant Capital, a cross-chain money market. The exploit began on Wednesday afternoon on the Arbitrum network and subsequently spread to the BNB Chain.
The attack appears to involve a “transferFrom” exploit, where malicious actors trick victims into granting permission to interact with a fraudulent wallet address.
This allows the attackers to transfer funds from the victim’s account to their own. Ancilia is urging Radiant users to revoke all permissions for Radiant contract addresses as a precautionary measure.
Security researcher Tony Ke from Fuzzland has confirmed the hack and estimated the losses to exceed $51 million across Arbitrum and BNB Chain.
While the Ethereum and Base deployments of Radiant Capital seem to be unaffected, Ke advises caution when interacting with these contracts at this time.