TechFlow news — On October 17, blockchain security firm SlowMist released an analysis of the Radiant Capital security incident. The attacker illegally obtained control of three owners’ keys in Radiant Capital’s multi-signature wallet (address: 0x111ceeee040739fd91d29c34c33e6b3e112f2177). Since this multisig wallet uses a 3/11 signature verification scheme, the attacker used these three private keys to perform off-chain signing and then initiated on-chain transactions to transfer ownership of the LendingPoolAddressesProvider contract to a malicious contract controlled by the attacker.
The attacker subsequently called the setLendingPoolImpl function through the malicious contract, upgrading the underlying logic contract of the Radiant Lending Pool to a backdoored malicious contract (address: 0xf0c0a1a19886791c2dd6af71307496b1e16aa232). Finally, the attacker executed the backdoor function to drain funds from various lending markets into the attacker’s contract.
To protect user funds, SlowMist recommends that users immediately revoke approvals for the following addresses:
- Ethereum Mainnet: 0xA950974f64aA33f27F6C5e017eEE93BF7588ED07
- Arbitrum: 0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1
- BSC: 0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281
- Base: 0x30798cFe2CCa822321ceed7e6085e633aAbC492F




