- Over $50 million stolen from the DeFi platform Radiant Capital, integrated within Binance Wallet.
- Users are urged to revoke permissions to smart contracts via the Binance Web3 wallet to protect their funds.
The decentralized finance (DeFi) sector faced a significant breach this week as Radiant Capital, a lending-focused DeFi application integrated into the Binance Wallet, reported a theft exceeding $50 million. This attack leveraged a vulnerability in one of the application’s smart contracts.
The Vulnerability and Its Exploitation
On October 16, hackers executed a meticulously planned attack on Radiant Capital. By exploiting a smart contract vulnerability, the attackers siphoned off funds from two major blockchain networks: BNB Smart Chain (BSC) and Arbitrum, an Ethereum Layer 2 (L2) scaling solution. This incident marks one of the significant thefts in the DeFi landscape, spotlighting the persistent security challenges within smart contract deployments.
In DeFi platforms, users often grant permissions to smart contracts from their wallets, enabling these contracts to move tokens and perform transactions on their behalf. This is done via the “Approve” function, which sets a limit on the tokens that the contract can handle. In response to the breach, Binance has emphasized the critical need for users to revoke these permissions. Revoking ensures that compromised contracts cannot manipulate user tokens further.
To execute this revocation, users must navigate to the BscScan Token Approval Checker within their Binance Web3 wallet. This tool connects to their wallet and displays a list of all smart contracts authorized to spend their tokens. Users must carefully review these permissions and select those they wish to revoke. Clicking on “Revoke” triggers a signature request in the wallet, and users must then confirm the transaction to complete the revocation process. Similar steps are recommended for contracts on other networks to ensure comprehensive security.
How Did the Attack Unfold?
The breach was orchestrated using a “backdoor contract” implemented into the DeFi infrastructure. Such contracts include hidden access points, allowing attackers to exploit vulnerabilities in the “transferFrom” function—a smart contract function that transfers tokens from one user account to another but only if the user has previously authorized this transfer. In the case of the Radiant Capital hack, attackers exploited weaknesses in the transferFrom implementation to move tokens without proper authorization.
While the transferFrom function is a staple of the Ethereum ERC-20 standard, both BNB Smart Chain and Arbitrum closely relate to this technology. According to Ancilla, a Web3 security firm, this method allowed unauthorized fund withdrawals.
In response to the incident, Radiant Capital has announced a reimbursement of $10 million to affected users and has temporarily shuttered its markets on Base, another L2 of Ethereum, and its main network, which includes BSC and Arbitrum. The platform has stated that it is collaborating with security firms like SEAL911, Hypernative, ZeroShadow, and Chainalysis to investigate the breach and restore security measures.