Takeaways from the Radiant Capital Exploit

Nov 7, 2024

Introduction

On October 16, 2024, Radiant Capital, a decentralized finance (DeFi) platform, fell victim to a significant security breach, resulting in the loss of millions of dollars’ worth of crypto assets. This incident serves as a stark reminder of the vulnerabilities that even well-established projects can face in the rapidly evolving DeFi space. In this article, we explore what Radiant Capital does, the details of the exploit, and practical advice for safeguarding your assets from similar attacks.

What is Radiant Capital?

Radiant Capital is a decentralized lending and borrowing protocol, designed to allow users to supply, borrow, and earn interest on digital assets. By leveraging liquidity across multiple chains, Radiant aims to create a seamless DeFi experience, offering competitive interest rates and access to multiple liquidity pools. The platform has gained significant traction, becoming a major player in the DeFi ecosystem.

 

What Happened and How Did Attackers Hack Radiant Capital?

The Radiant Capital hack on October 16, 2024, resulted in a $53 million loss. The attacker exploited a vulnerability in the protocol's 3-of-11 multi-signature scheme, using malware to mislead signers into approving malicious transactions. The malware manipulated the Safe wallet front end, enabling the attacker to take control of Radiant’s Pool Provider contract. The attacker then upgraded pool contracts to malicious versions, granting access to funds on multiple chains.

This incident highlighted risks from inadequate private key protection and the importance of stronger multi-sig thresholds.

What Can You Do to Protect Your Project From Such Exploits?

The Radiant Capital exploit underscores several key lessons for securing your DeFi project. Here are three practical measures to consider:

Use Dedicated Devices for Critical Operations
Ensure that all key operations, such as initiating, signing, and executing transactions, are carried out using dedicated devices. By isolating these actions from day-to-day operations, you significantly reduce the risk of external access or accidental errors.

Optimize the Number of Multisig Signers
While having multiple signers can distribute responsibility, a large pool like Radiant's (11 signers) may lead to increased risk. A smaller group of trusted signers, ideally between 3 and 5, ensures efficient coordination while maintaining strong security. In this exploit, the attacker had a large pool of signatories to target, and the probability of infecting the devices of 3 out of 11 signatories with malware is much higher than that of infecting, for example, 3 out of 5. If you still prefer a large pool of signatories, set a high threshold, such as 6 out of 11 instead of 3 out of 11, to enhance security.

Monitor Transaction Failures and Halt Processes After Multiple Errors
If you experience repeated transaction failures, it is critical to stop the process immediately and investigate the cause. Radiant’s exploit could have been prevented if their system had halted after the first few transaction failures, instead of allowing further attempts that ultimately led to the breach.
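
To put numbers on the signer-count argument under "Optimize the Number of Multisig Signers", the following added example (not part of the original article) computes the chance that an attacker reaches a k-of-n threshold. It assumes signer devices are compromised independently, and the per-device probabilities are constructed illustration values, not measurements.

```python
# Added example (not from the article): chance that enough signer devices are
# compromised to meet a k-of-n multisig threshold.
# ASSUMPTIONS: devices are compromised independently; the per-device
# probabilities below are constructed illustration values, not measured data.

def p_threshold_met(threshold, probs):
    """P(at least `threshold` signers compromised).

    probs[i] is the assumed probability that signer i's device is compromised.
    Exact Poisson-binomial distribution via dynamic programming, so signers
    may have different risk (e.g. dedicated vs. everyday devices).
    """
    dist = [1.0]  # dist[j] = P(exactly j of the signers seen so far compromised)
    for p in probs:
        nxt = [0.0] * (len(dist) + 1)
        for j, q in enumerate(dist):
            nxt[j] += q * (1.0 - p)      # this signer stays clean
            nxt[j + 1] += q * p          # this signer is compromised
        dist = nxt
    return sum(dist[threshold:])

# The three setups the article compares: name -> (threshold k, pool size n)
CONFIGS = {"3-of-11": (3, 11), "3-of-5": (3, 5), "6-of-11": (6, 11)}

def compare(p):
    """Same per-device probability p for every signer, for each k-of-n setup."""
    return {name: p_threshold_met(k, [p] * n) for name, (k, n) in CONFIGS.items()}

def mixed_pool(p_dedicated, p_everyday, n_dedicated, n_total, threshold):
    """Pool where only some signers use dedicated signing devices."""
    probs = [p_dedicated] * n_dedicated + [p_everyday] * (n_total - n_dedicated)
    return p_threshold_met(threshold, probs)

if __name__ == "__main__":
    for p in (0.02, 0.05, 0.10):
        row = compare(p)
        print(f"p={p:.2f}  " + "  ".join(f"{k}: {v:.6f}" for k, v in row.items()))
    # 3-of-11 where 4 signers use dedicated devices (1%) and 7 do not (10%)
    print(f"mixed 3-of-11: {mixed_pool(0.01, 0.10, 4, 11, 3):.6f}")
```

With an assumed 10% per-device compromise chance, 3-of-11 is met about ten times as often as 3-of-5, while 6-of-11 is met far less often than either. A single malware campaign aimed at all signers makes compromises correlated, so the independent model understates the real exposure of a low threshold.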

How Lemma Can Help

Lemma provides tailored solutions for setting up secure multisig wallets, minimizing the risk of unauthorized access or operational errors. Our security protocols are extremely stringent and fully aligned with the Cryptocurrency Security Standard (CCSS). Additionally, Lemma employees participate in weekly training sessions on security best practices to stay updated and vigilant. Lemma also offers assistance with the entire transaction lifecycle, from initiation to signing and execution, ensuring that your project follows best practices and avoids potential vulnerabilities. With Lemma, you can set up and manage a streamlined, secure multisig process to protect your assets.

 

Conclusion

The Radiant Capital exploit serves as a cautionary tale for Web3 projects about the importance of robust security practices, particularly when it comes to transaction management and multisig setups. By implementing dedicated devices for critical operations, optimizing the number of signers, and halting transactions after multiple failures, projects can significantly reduce the risk of exploits. Working with trusted partners like Lemma can further strengthen your defenses, helping to safeguard your assets in an increasingly complex and competitive DeFi landscape.