区块链借贷协议 Radiant Capital 今年因第二次区块链漏洞损失 5000 万美元

攻击者似乎已经获得了升级协议所需的 11 个私钥中的 3 个。

Web3 lending protocol Radiant Capital lost over $50 million on Wednesday in a blockchain exploit, according to security experts and blockchain data.

根据安全专家和区块链数据，Web3 借贷协议 Radiant Capital 周三因区块链漏洞损失超过 5000 万美元。

An attacker gained control of Radiant's blockchain contracts by obtaining three of the "private keys" that control the protocol, security experts said.

安全专家表示，攻击者通过获取控制协议的三个“私钥”来控制 Radiant 的区块链合约。

"Radiant Capital contracts were exploited on BSC & ARB chains with the 'transferFrom' function," Web3 security firm De.Fi explained on X. The exploit allowed attackers to "drain users' funds, namely $USDC $WBNB $ETH and others," the firm said.

Web3 安全公司 De.Fi 在 X 上解释说：“Radiant Capital 合约在 BSC 和 ARB 链上通过‘transferFrom’功能被利用。”该漏洞允许攻击者“耗尽用户的资金，即 $USDC、$WBNB、$ETH 等”。 “该公司表示。

Radiant is controlled by a multi-signature, or "multisig" wallet with 11 signers, De.Fi said in a separate X post. The attacker was apparently able to obtain three of these signers' "private keys," which was enough to upgrade the platform's smart contracts.

De.Fi 在另一篇 X 帖子中表示，Radiant 由具有 11 个签名者的多重签名或“多重签名”钱包控制。攻击者显然能够获得其中三个签名者的“私钥”，这足以升级平台的智能合约。

The Radiant platform encompasses a suite of tools allowing users to borrow, lend, and bridge cryptocurrencies across blockchains.

Radiant 平台包含一套工具，允许用户在区块链上借入、借出和桥接加密货币。

It's the second time this year that the protocol has been targeted in an exploit: In January, Radiant lost $4.5 million in an unrelated hack stemming from a bug in its smart contracts.

这是该协议今年第二次成为攻击目标：1 月份，Radiant 在一次因智能合约漏洞而引发的不相关黑客攻击中损失了 450 万美元。

It was unclear at press time how the private keys were sabotaged in Wednesday's attack. Some members of an Ethereum security group on Telegram, the messaging app, speculated that the attack could've stemmed from a compromised front-end – meaning the legitimate Radiant key-holders may have accidentally interacted with a malware-laced protocol.

截至发稿时，尚不清楚周三的攻击中私钥是如何被破坏的。消息应用程序 Telegram 上的以太坊安全小组的一些成员推测，这次攻击可能源于受损的前端，这意味着合法的 Radiant 密钥持有者可能意外地与带有恶意软件的协议进行了交互。

Radiant acknowledged the exploit in a post to its official X account, but it did not provide specific details.

Radiant 在其官方 X 帐户的帖子中承认了该漏洞，但没有提供具体细节。

"We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum," Radiant said. "We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon surprising as possible. Markets on Base and Mainnet are paused until further notice."

Radiant 表示：“我们意识到币安链和 Arbitrum 上的 Radiant 借贷市场存在问题。” “我们正在与 SEAL911、Hypernative、ZeroShadow 和 Chainaanalysis 合作，并将尽快提供令人惊讶的更新。Base 和主网上的市场已暂停，直至另行通知。”

Radiant, which is controlled by a decentralized autonomous community, or DAO, states on its website that its mission is to "unify the billions in fragmented liquidity across Web3 money markets under one safe, user-friendly, capital-efficient omnichain."

Radiant 由去中心化自治社区 (DAO) 控制，在其网站上表示，其使命是“将 Web3 货币市场上数十亿分散的流动性统一到一个安全、用户友好、资本高效的全链下”。

This is a developing story. Radiant did not immediately respond to a request for comment.

这是一个发展的故事。 Radiant 没有立即回应置评请求。