TechFlow reports on October 18 that Radiant Capital announced on social media that the protocol suffered a highly sophisticated security breach on the 16th, resulting in a loss of $50 million. The attacker successfully compromised the hardware wallet security of multiple developers through an advanced malware injection technique. The attack exhibited the following characteristics:
-
Attack Method: The attacker used advanced malware to covertly alter transaction data within Safe (formerly Gnosis Safe) multi-signature wallets.
-
Timing: The exploit occurred during a routine multi-sig rebalancing process, a regular operation conducted by the protocol to adapt to market conditions and usage rates.
-
Complexity: Despite DAO contributors strictly adhering to industry-standard operating procedures—including transaction simulation on Tenderly and manual review by multiple developers at each signing stage—the attack successfully bypassed these safeguards.
-
Stealthiness: External security teams, including SEAL and Hypernative, have confirmed that this attack was entirely undetectable during manual reviews of the Gnosis Safe user interface and Tenderly simulations.
Radiant Capital stated it is working closely with Seal911 and Hypernative, and has implemented stronger multi-signature controls. Meanwhile, the FBI and ZeroShadow have fully engaged in the investigation and are actively working to freeze all stolen assets.
Radiant Capital’s DAO expressed deep shock over the incident and pledged to continue cooperating with relevant agencies to swiftly identify the attacker and recover the stolen funds.




