Wu said that, according to an analysis by Twitter user @danielvf, yesterday's attack on Radiant Capital was carried out by planting a Trojan on the computers of multiple team members and inducing their hardware wallets to sign a malicious transferOwnership() operation, which transferred control of the lending pool to the attacker. The attacker then deployed transferFrom code to continue stealing funds from users' authorized accounts. There is currently no sign that the hardware wallets themselves were compromised; the initial assessment is that the signature requests were intercepted and replaced on the team members' computers. The attack is far more complex than a typical one: it involved Trojans, software that intercepts hardware wallet requests, smart contract development, and an understanding of the team's organizational structure and signing process, and the attacker had also prepared a money-laundering exit plan. To prevent such attacks, users are advised to strengthen time locks and governance processes, and to stop signing immediately and investigate when a signature behaves abnormally (for example, when signing on the hardware wallet does not produce a signature visible to others in Gnosis Safe).

 

Wu said that Radiant Capital officially responded to the attack in a tweet, saying it is working closely with Seal911 and Hypernative and has implemented stronger multi-signature controls. The FBI and ZeroShadow are also fully engaged in the incident and are actively working to freeze all stolen assets. The official recommendations for preventing such attacks include: multi-layer signature verification, independent verification devices, enhanced Ledger/Trezor security, audits triggered by errors, and manual inspection of transaction payloads.
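
One way a signer could carry out the manual inspection of transaction data recommended above, on a machine separate from the one that proposed the transaction. This is an added example, not code from Radiant Capital or from the cited analysis. It assumes the signer can obtain the raw `data` field of the proposed transaction as hex; the function names, the trusted-owner set and the sample payloads are hypothetical and constructed for illustration.

```python
# Added example: review raw calldata before approving it on a hardware wallet.
# Standard 4-byte ABI selectors of calls that move ownership or allowances.
SENSITIVE = {
    "f2fde38b": "transferOwnership(address)",
    "23b872dd": "transferFrom(address,address,uint256)",
    "095ea7b3": "approve(address,uint256)",
}

def decode_call(calldata_hex):
    """Split ABI calldata into (selector_hex, list of 32-byte argument words)."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    if len(data) < 4 or (len(data) - 4) % 32:
        raise ValueError("calldata is not a selector followed by 32-byte words")
    return data[:4].hex(), [data[i:i + 32] for i in range(4, len(data), 32)]

def word_to_address(word):
    """An ABI address is a 32-byte word whose upper 12 bytes are zero."""
    if any(word[:12]):
        raise ValueError("not a valid ABI-encoded address")
    return "0x" + word[12:].hex()

def review(calldata_hex, intended_selector, trusted_owners):
    """Return findings; an empty list means the payload matches the intent."""
    selector, words = decode_call(calldata_hex)
    findings = []
    if selector != intended_selector:
        findings.append("selector mismatch: got " + selector)
    if selector in SENSITIVE:
        findings.append("sensitive call: " + SENSITIVE[selector])
    if selector == "f2fde38b":
        if len(words) != 1:
            findings.append("malformed transferOwnership arguments")
        else:
            owner = word_to_address(words[0])
            if owner not in trusted_owners:  # trusted set uses lowercase hex
                findings.append("new owner not in trusted set: " + owner)
    return findings

# Constructed sample data (not taken from the incident).
TRUSTED = {"0x" + "aa" * 20}
# Payload whose content was swapped for an ownership transfer to an unknown address.
SWAPPED = "0xf2fde38b" + "00" * 12 + "11" * 20
# Routine transfer(address,uint256) of 1 unit, the call the signer intended.
ROUTINE = "0xa9059cbb" + "00" * 12 + "aa" * 20 + "00" * 31 + "01"

if __name__ == "__main__":
    for label, payload in (("swapped", SWAPPED), ("routine", ROUTINE)):
        print(label, review(payload, "a9059cbb", TRUSTED) or "ok")
```

Any non-empty result is a reason to stop signing and investigate, in line with the advice above.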