$50 Million Raid: Hackers Exploit Binance Wallet’s DeFi Application

Ethnews, 2024/10/18 11:57
By Bhushan Akolkar. Edited by AnnJoy Makena.
  • Over $50 million stolen from the DeFi platform Radiant Capital, integrated within Binance Wallet.
  • Users are urged to revoke permissions to smart contracts via the Binance Web3 wallet to protect their funds.

The decentralized finance (DeFi) sector faced a significant breach this week as Radiant Capital, a lending-focused DeFi application integrated into the Binance Wallet, reported a theft exceeding $50 million. This attack leveraged a vulnerability in one of the application’s smart contracts.

The Vulnerability and Its Exploitation

On October 16, hackers executed a meticulously planned attack on Radiant Capital. By exploiting a smart contract vulnerability, the attackers siphoned off funds from two major blockchain networks: BNB Smart Chain (BSC) and Arbitrum, an Ethereum Layer 2 (L2) scaling solution. The incident ranks among the significant thefts in the DeFi landscape and spotlights the persistent security challenges within smart contract deployments.

In DeFi platforms, users often grant permissions to smart contracts from their wallets, enabling these contracts to move tokens and perform transactions on their behalf. This is done via the “Approve” function, which sets a limit on the tokens that the contract can handle. In response to the breach, Binance has emphasized the critical need for users to revoke these permissions. Revoking ensures that compromised contracts cannot manipulate user tokens further.

To execute this revocation, users must navigate to the BscScan Token Approval Checker within their Binance Web3 wallet. This tool connects to their wallet and displays a list of all smart contracts authorized to spend their tokens. Users must carefully review these permissions and select those they wish to revoke. Clicking on “Revoke” triggers a signature request in the wallet, and users must then confirm the transaction to complete the revocation process. Similar steps are recommended for contracts on other networks to ensure comprehensive security.
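The bookkeeping behind an approval checker and a revoke request can be sketched in a few lines. The following is an added example, not code from Binance, BscScan or Radiant Capital: it rebuilds a wallet's outstanding allowances from ERC-20 `Approval` events and produces the `approve(spender, 0)` calldata that a revocation signature request should contain. All addresses and events are constructed sample data, and the "unlimited" threshold is an assumption.

```python
MAX_UINT256 = 2**256 - 1
UNLIMITED_THRESHOLD = 2**255   # assumption: anything this large is effectively unlimited
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

# Constructed sample addresses (not real contracts or wallets).
OWNER = "0x" + "aa" * 20
OTHER_OWNER = "0x" + "bb" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
LENDING_POOL, DEX_ROUTER = "0x" + "c0" * 20, "0x" + "d0" * 20

# Constructed Approval events: (block, log_index, token, owner, spender, value)
SAMPLE_APPROVALS = [
    (100, 0, TOKEN_A, OWNER, LENDING_POOL, MAX_UINT256),
    (105, 2, TOKEN_A, OWNER, DEX_ROUTER, 500),
    (110, 1, TOKEN_B, OWNER, LENDING_POOL, 1_000),
    (120, 0, TOKEN_A, OWNER, DEX_ROUTER, 0),            # already revoked
    (90, 4, TOKEN_B, OTHER_OWNER, LENDING_POOL, MAX_UINT256),
]

def outstanding_allowances(events, owner):
    """Latest Approval per (token, spender) wins; 0 means revoked. Values are upper bounds."""
    latest = {}
    for _block, _idx, token, ev_owner, spender, value in sorted(events):
        if ev_owner.lower() == owner.lower():
            latest[(token, spender)] = value
    return {pair: value for pair, value in latest.items() if value > 0}

def is_unlimited(value):
    return value >= UNLIMITED_THRESHOLD

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0): 4-byte selector plus two 32-byte words."""
    addr = spender.lower().removeprefix("0x")
    if len(addr) != 40 or any(c not in "0123456789abcdef" for c in addr):
        raise ValueError("spender must be a 20-byte hex address")
    return "0x" + APPROVE_SELECTOR + addr.rjust(64, "0") + "0" * 64

def revocation_plan(events, owner, spender):
    """One transaction per token (to=token contract) zeroing the allowance for `spender`."""
    live = outstanding_allowances(events, owner)
    return [
        {"to": token, "data": revoke_calldata(sp), "unlimited": is_unlimited(value)}
        for (token, sp), value in sorted(live.items())
        if sp.lower() == spender.lower()
    ]

if __name__ == "__main__":
    for tx in revocation_plan(SAMPLE_APPROVALS, OWNER, LENDING_POOL):
        print(tx)
```

Comparing the `data` field of a wallet's signature request with this calldata confirms that the request really sets the allowance for the intended spender to zero.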

How Did the Attack Unfold?

The breach was orchestrated using a “backdoor contract” implemented into the DeFi infrastructure. Such contracts include hidden access points, allowing attackers to exploit vulnerabilities in the “transferFrom” function—a smart contract function that transfers tokens from one user account to another but only if the user has previously authorized this transfer. In the case of the Radiant Capital hack, attackers exploited weaknesses in the transferFrom implementation to move tokens without proper authorization.

The transferFrom function is a staple of the Ethereum ERC-20 standard, and both BNB Smart Chain and Arbitrum are closely related to this technology. According to Ancilia, a Web3 security firm, this method allowed unauthorized fund withdrawals.

In response to the incident, Radiant Capital has announced a reimbursement of $10 million to affected users and has temporarily shuttered its markets on Base, another L2 of Ethereum, and its main network, which includes BSC and Arbitrum. The platform has stated that it is collaborating with security firms like SEAL911, Hypernative, ZeroShadow, and Chainalysis to investigate the breach and restore security measures.
