区块链借贷协议 Radiant Capital 今年第二次被利用损失 5000 万美元

攻击者似乎已经获得了升级协议所需的 11 个私钥中的 3 个。

Web3 lending protocol Radiant Capital lost over $50 million on Wednesday in an apparent cyberattack, according to security firms and blockchain data.

根据安全公司和区块链数据，Web3 借贷协议 Radiant Capital 周三在一次明显的网络攻击中损失了超过 5000 万美元。

An attacker gained control of Radiant's blockchain contracts by obtaining three of the "private keys" that control the protocol, security experts said.

安全专家表示，攻击者通过获取控制协议的三个“私钥”来控制 Radiant 的区块链合约。

CoinDesk Live at Avalanche Summit 2024 Day 1 | Partner Content

CoinDesk 于 2024 年雪崩峰会第一天现场直播 |合作伙伴内容

"Radiant Capital contracts were exploited on BSC & ARB chains with the 'transferFrom' function," Web3 security firm De.Fi explained on X. The exploit allowed attackers to "drain users' funds, namely $USDC $WBNB $ETH and others," the firm said.

Web3 安全公司 De.Fi 在 X 上解释说：“Radiant Capital 合约在 BSC 和 ARB 链上通过‘transferFrom’功能被利用。”该漏洞允许攻击者“耗尽用户的资金，即 $USDC、$WBNB、$ETH 等”。 “该公司表示。

Radiant is controlled by a multi-signature, or "multisig" wallet with 11 signers, De.Fi said in a separate X post. The attacker was apparently able to obtain three of these signers' "private keys," which was enough to upgrade the platform's smart contracts.

De.Fi 在另一篇 X 帖子中表示，Radiant 由具有 11 个签名者的多重签名或“多重签名”钱包控制。攻击者显然能够获得其中三个签名者的“私钥”，这足以升级平台的智能合约。

Radiant allows users to borrow, lend and bridge cryptocurrencies across blockchains. It's the second time this year that the protocol has been hit by an exploit; in January, Radiant lost $4.5 million in an unrelated hack that stemmed from a bug in its smart contracts.

Radiant 允许用户在区块链上借入、借出和桥接加密货币。这是该协议今年第二次遭受漏洞攻击。今年 1 月，Radiant 在一次无关的黑客攻击中损失了 450 万美元，该黑客攻击源于其智能合约中的一个错误。

It was unclear at press time how the private keys were compromised in Wednesday's attack. Some members of an Ethereum security group on Telegram speculated that the attack could've stemmed from a compromised front-end – meaning the legitimate Radiant key-holders may have accidentally interacted with a malware-laced protocol.

截至发稿时，尚不清楚私钥是如何在周三的攻击中被泄露的。 Telegram 上以太坊安全小组的一些成员推测，这次攻击可能源于受损的前端，这意味着合法的 Radiant 密钥持有者可能意外地与带有恶意软件的协议进行了交互。

Radiant acknowledged the exploit in a post to its official X account, but it did not provide specific details.

Radiant 在其官方 X 帐户的帖子中承认了该漏洞，但没有提供具体细节。

"We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum," Radiant said. "We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon as possible. Markets on Base and Mainnet are paused until further notice."

Radiant 表示：“我们意识到币安链和 Arbitrum 上的 Radiant 借贷市场存在问题。” “我们正在与 SEAL911、Hypernative、ZeroShadow 和 Chainaanalysis 合作，并将尽快提供更新。Base 和主网上的市场已暂停，直至另行通知。”

Radiant, which is governed by a decentralized autonomous community (DAO), states on its website that its mission is to "unify the billions in fragmented liquidity across Web3 money markets under one safe, user-friendly, capital-efficient omnichain" protocol.

Radiant 由去中心化自治社区 (DAO) 管理，在其网站上表示，其使命是“将 Web3 货币市场上数十亿分散的流动性统一到一个安全、用户友好、资本高效的全链协议下”。

This is a developing story. Radiant Capital did not immediately respond to a request for comment.

这是一个发展的故事。 Radiant Capital没有立即回应置评请求。

UPDATE (20:45 UTC, 16/10/24): Adds background information regarding Radiant and another hack in January, 2024.

更新（世界标准时间 20:45，24 年 10 月 16 日）：添加有关 Radiant 和 2024 年 1 月另一次黑客攻击的背景信息。

Edited by Bradley Keoun.

布拉德利·科恩编辑。

Sign up for The Protocol, our weekly newsletter exploring the tech behind crypto one block at a time.

订阅《协议》，这是我们的每周时事通讯，一次探索一个区块背后的加密技术。

By clicking ‘Sign Up’, you agree to receive newsletter from CoinDesk as well as other partner offers and accept our terms of services and privacy policy.

点击“注册”，即表示您同意接收来自 CoinDesk 的新闻通讯以及其他合作伙伴优惠，并接受我们的服务条款和隐私政策。

Disclosure

披露

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.

请注意，我们的隐私政策、使用条款、cookies 以及不出售我的个人信息均已更新。CoinDesk 是一家涵盖加密货币行业的屡获殊荣的媒体机构。其记者遵守一套严格的编辑政策。 CoinDesk 采用了一系列旨在确保其出版物的完整性、编辑独立性和无偏见的原则。 CoinDesk 是 Bullish 集团的一部分，该集团拥有并投资数字资产业务和数字资产。 CoinDesk 员工，包括记者，可能会获得 Bullish 集团基于股权的薪酬。 Bullish 由科技投资者 Block.one 孵化。

Sam is CoinDesk's deputy managing editor for tech and protocols. He reports on decentralized technology, infrastructure and governance. He owns ETH and BTC.

Sam 是 CoinDesk 负责技术和协议的副总编辑。他报告了去中心化技术、基础设施和治理。他拥有 ETH 和 BTC。