Radiant Post-Mortem
Contents
Radiant Capital Post-Mortem
Events Summary
On October 16, 2024, Radiant Capital experienced a security breach resulting in the loss of approximately $50 million USD. The attack compromised three Radiant developers, all of whom are long-standing, trusted contributors to the DAO. These developers used hardware wallets and were geographically distributed, reducing the likelihood of a coordinated physical attack.
Attackers were able to compromise the devices of at least these three core contributors through a sophisticated malware injection. These compromised devices were then used to sign malicious transactions.
Although three compromised devices have been confirmed, it is likely that more were targeted — the means by which they were compromised remains unknown and under investigation. The devices were compromised in such a way that the front-end of Safe{Wallet} (f.k.a. Gnosis Safe) displayed legitimate transaction data while malicious transactions were signed and executed in the background. This breach occurred during a routine multi-signature emissions adjustment process, which …
Events Summary
On October 16, 2024, Radiant Capital experienced a security breach resulting in the loss of approximately $50 million USD. The attack compromised three Radiant developers, all of whom are long-standing, trusted contributors to the DAO. These developers used hardware wallets and were geographically distributed, reducing the likelihood of a coordinated physical attack.
Attackers were able to compromise the devices of at least these three core contributors through a sophisticated malware injection. These compromised devices were then used to sign malicious transactions.
Although three compromised devices have been confirmed, it is likely that more were targeted — the means by which they were compromised remains unknown and under investigation. The devices were compromised in such a way that the front-end of Safe{Wallet} (f.k.a. Gnosis Safe) displayed legitimate transaction data while malicious transactions were signed and executed in the background. This breach occurred during a routine multi-signature emissions adjustment process, which …
IoC
https://arbiscan.io/tx/0x7856552db409fe51e17339ab1e0e1ce9c85d68bf0f4de4c110fc4e372ea02fb1
https://bscscan.com/tx/0xd97b93f633aee356d992b49193e60a571b8c466bf46aaf072368f975dc11841c
https://etherscan.io/inputdatadecoder
https://etherscan.io/tx/0x7660429fe97460454e9e7677b14d17496ef5e7619a9cb9fa66626bf49baff533
579145D6d1F26a460d9BDD3040C37517dac379ac
https://basescan.org/tx/0x4e72bb1d48666d732f2e091cecd20b3c34db484bf197ff197e49252069d1d465
https://bscscan.com/tx/0x873c2382689cad921427e30f16a814ffb2c1e2550e316e767e66759f7abf4a34
511e05be6caf926d755ddd13747f193328af5835557c453d91861cfa46eadd77
57ba8957ed2ff2e7AE38F4935451E81Ce1eEFbf5
97a05becc2e7891d07f382457cd5d57fd242e4e8
https://bscscan.com/tx/0x511e05be6caf926d755ddd13747f193328af5835557c453d91861cfa46eadd77
D899F3d8ff2A723642d5C55eD1998713C530b7b3
a0e768a68ba1bfffb9f4366dfc8d9195ee7217d1
7660429fe97460454e9e7677b14d17496ef5e7619a9cb9fa66626bf49baff533
https://etherscan.io/tx/0x7cbff070e7234682ecb7c957b3737bb5b0258a6661a80c870d30dc84ba7716ff
cF47c058CC4818CE90f9315B478EB2f2d588Cc78
84ab76d7a5b8bb4b9b6656f85fe4fec3fc07eab48199c895548324de9c78e725
e71188ce592464b3f680a54f014f61b1eece403f261d39cfbfa0f67ab1d424ed
https://basescan.org/tx/0xe71188ce592464b3f680a54f014f61b1eece403f261d39cfbfa0f67ab1d424ed
https://help.safe.global/en/articles/40831-how-to-verify-safe-transactions-on-a-hardware-wallet
https://bscscan.com/tx/0x722a4557c11f1684f13ff03d4e9d97a89b955088e935e0f3ed7d71e3d2ae0281
20340c2a71055FD2887D9A71054100FF7F425BE5
E4714D6BD9a6c0F6194C1aa8602850b0a1cE1416
8B75E47976C3C500D0148463931717001F620887
09e62251865c7655a23bb8a23c719b1bc629786160ac35a7a56c51a052870d26
9e9eb36b2e2f221b5a04dc378d04518abcaab3a46d612cfffc5583a97b669c26
https://etherscan.io/tx/0xa5dc1b97d72d11940d186596cb7478dedc27c8812c9d3bdf78eba5e8cf4f1006
83434627e72d977af18F8D2F26203895050eF9Ce
4e72bb1d48666d732f2e091cecd20b3c34db484bf197ff197e49252069d1d465
9c5939AAC4f65A0eA233E657507C7b54acDE2841
deee13d47eca82c8a774ec792f823360013f001e93b5abc17cb939f25187d00e
bc20e84d80a684dAEa4468be6F199a233A3d2363
5eb63694A18B618C4EbDd9CA3333fa7f9b8B9cB4
https://etherscan.io/address/0x57ba8957ed2ff2e7AE38F4935451E81Ce1eEFbf5
111CEEee040739fD91D29C34C33E6B3E112F2177
c24927Bd40Bab67CcfB2ca0A90d6cbB8Edb21302
3c09Ae8571db07a3347c1D577BB9a54F96bFfa24
873c2382689cad921427e30f16a814ffb2c1e2550e316e767e66759f7abf4a34
https://arbiscan.io/tx/0x149bd3b684cf63decffbdd1865a20fddf131fb59469d093b2b6d9aa57a0ce4c2
722a4557c11f1684f13ff03d4e9d97a89b955088e935e0f3ed7d71e3d2ae0281
C4173a794122644870C8fd07c226acF992507897
https://basescan.org/address/0x57ba8957ed2ff2e7AE38F4935451E81Ce1eEFbf5
7cbff070e7234682ecb7c957b3737bb5b0258a6661a80c870d30dc84ba7716ff
bB67c265e7197A7c3Cd458F8F7C1d79a2fb04d57
https://basescan.org/tx/0xdeee13d47eca82c8a774ec792f823360013f001e93b5abc17cb939f25187d00e
https://bscscan.com/tx/0x84ab76d7a5b8bb4b9b6656f85fe4fec3fc07eab48199c895548324de9c78e725
BBf7eDF92926b775A434f9DF15860f4CD268B0A0
57ba8957ed2ff2e7ae38f4935451e81ce1eefbf5
0629b1048298AE9deff0F4100A31967Fb3f98962
3D4C56cdB97355807157F5C7d4F54957f0E9af44
65419cd822bb616f2d9dacbcfacf81714761f9815cc26b9451cd70f0348232fa
d97b93f633aee356d992b49193e60a571b8c466bf46aaf072368f975dc11841c
149bd3b684cf63decffbdd1865a20fddf131fb59469d093b2b6d9aa57a0ce4c2
a5dc1b97d72d11940d186596cb7478dedc27c8812c9d3bdf78eba5e8cf4f1006
911215CF312a64C128817Af3c24B9fDF66B7Ac95
7856552db409fe51e17339ab1e0e1ce9c85d68bf0f4de4c110fc4e372ea02fb1
https://etherscan.io/tx/0x09e62251865c7655a23bb8a23c719b1bc629786160ac35a7a56c51a052870d26
https://bscscan.com/address/0x57ba8957ed2ff2e7ae38f4935451e81ce1eefbf5
https://bscscan.com/tx/0x65419cd822bb616f2d9dacbcfacf81714761f9815cc26b9451cd70f0348232fa
0235a22a38Dd09291800e097bD2ebE6e3b4d5F04
https://basescan.org/tx/0x9e9eb36b2e2f221b5a04dc378d04518abcaab3a46d612cfffc5583a97b669c26
https://arbiscan.io/address/0x57ba8957ed2ff2e7ae38f4935451e81ce1eefbf5
https://bscscan.com/tx/0xd97b93f633aee356d992b49193e60a571b8c466bf46aaf072368f975dc11841c
https://etherscan.io/inputdatadecoder
https://etherscan.io/tx/0x7660429fe97460454e9e7677b14d17496ef5e7619a9cb9fa66626bf49baff533
579145D6d1F26a460d9BDD3040C37517dac379ac
https://basescan.org/tx/0x4e72bb1d48666d732f2e091cecd20b3c34db484bf197ff197e49252069d1d465
https://bscscan.com/tx/0x873c2382689cad921427e30f16a814ffb2c1e2550e316e767e66759f7abf4a34
511e05be6caf926d755ddd13747f193328af5835557c453d91861cfa46eadd77
57ba8957ed2ff2e7AE38F4935451E81Ce1eEFbf5
97a05becc2e7891d07f382457cd5d57fd242e4e8
https://bscscan.com/tx/0x511e05be6caf926d755ddd13747f193328af5835557c453d91861cfa46eadd77
D899F3d8ff2A723642d5C55eD1998713C530b7b3
a0e768a68ba1bfffb9f4366dfc8d9195ee7217d1
7660429fe97460454e9e7677b14d17496ef5e7619a9cb9fa66626bf49baff533
https://etherscan.io/tx/0x7cbff070e7234682ecb7c957b3737bb5b0258a6661a80c870d30dc84ba7716ff
cF47c058CC4818CE90f9315B478EB2f2d588Cc78
84ab76d7a5b8bb4b9b6656f85fe4fec3fc07eab48199c895548324de9c78e725
e71188ce592464b3f680a54f014f61b1eece403f261d39cfbfa0f67ab1d424ed
https://basescan.org/tx/0xe71188ce592464b3f680a54f014f61b1eece403f261d39cfbfa0f67ab1d424ed
https://help.safe.global/en/articles/40831-how-to-verify-safe-transactions-on-a-hardware-wallet
https://bscscan.com/tx/0x722a4557c11f1684f13ff03d4e9d97a89b955088e935e0f3ed7d71e3d2ae0281
20340c2a71055FD2887D9A71054100FF7F425BE5
E4714D6BD9a6c0F6194C1aa8602850b0a1cE1416
8B75E47976C3C500D0148463931717001F620887
09e62251865c7655a23bb8a23c719b1bc629786160ac35a7a56c51a052870d26
9e9eb36b2e2f221b5a04dc378d04518abcaab3a46d612cfffc5583a97b669c26
https://etherscan.io/tx/0xa5dc1b97d72d11940d186596cb7478dedc27c8812c9d3bdf78eba5e8cf4f1006
83434627e72d977af18F8D2F26203895050eF9Ce
4e72bb1d48666d732f2e091cecd20b3c34db484bf197ff197e49252069d1d465
9c5939AAC4f65A0eA233E657507C7b54acDE2841
deee13d47eca82c8a774ec792f823360013f001e93b5abc17cb939f25187d00e
bc20e84d80a684dAEa4468be6F199a233A3d2363
5eb63694A18B618C4EbDd9CA3333fa7f9b8B9cB4
https://etherscan.io/address/0x57ba8957ed2ff2e7AE38F4935451E81Ce1eEFbf5
111CEEee040739fD91D29C34C33E6B3E112F2177
c24927Bd40Bab67CcfB2ca0A90d6cbB8Edb21302
3c09Ae8571db07a3347c1D577BB9a54F96bFfa24
873c2382689cad921427e30f16a814ffb2c1e2550e316e767e66759f7abf4a34
https://arbiscan.io/tx/0x149bd3b684cf63decffbdd1865a20fddf131fb59469d093b2b6d9aa57a0ce4c2
722a4557c11f1684f13ff03d4e9d97a89b955088e935e0f3ed7d71e3d2ae0281
C4173a794122644870C8fd07c226acF992507897
https://basescan.org/address/0x57ba8957ed2ff2e7AE38F4935451E81Ce1eEFbf5
7cbff070e7234682ecb7c957b3737bb5b0258a6661a80c870d30dc84ba7716ff
bB67c265e7197A7c3Cd458F8F7C1d79a2fb04d57
https://basescan.org/tx/0xdeee13d47eca82c8a774ec792f823360013f001e93b5abc17cb939f25187d00e
https://bscscan.com/tx/0x84ab76d7a5b8bb4b9b6656f85fe4fec3fc07eab48199c895548324de9c78e725
BBf7eDF92926b775A434f9DF15860f4CD268B0A0
57ba8957ed2ff2e7ae38f4935451e81ce1eefbf5
0629b1048298AE9deff0F4100A31967Fb3f98962
3D4C56cdB97355807157F5C7d4F54957f0E9af44
65419cd822bb616f2d9dacbcfacf81714761f9815cc26b9451cd70f0348232fa
d97b93f633aee356d992b49193e60a571b8c466bf46aaf072368f975dc11841c
149bd3b684cf63decffbdd1865a20fddf131fb59469d093b2b6d9aa57a0ce4c2
a5dc1b97d72d11940d186596cb7478dedc27c8812c9d3bdf78eba5e8cf4f1006
911215CF312a64C128817Af3c24B9fDF66B7Ac95
7856552db409fe51e17339ab1e0e1ce9c85d68bf0f4de4c110fc4e372ea02fb1
https://etherscan.io/tx/0x09e62251865c7655a23bb8a23c719b1bc629786160ac35a7a56c51a052870d26
https://bscscan.com/address/0x57ba8957ed2ff2e7ae38f4935451e81ce1eefbf5
https://bscscan.com/tx/0x65419cd822bb616f2d9dacbcfacf81714761f9815cc26b9451cd70f0348232fa
0235a22a38Dd09291800e097bD2ebE6e3b4d5F04
https://basescan.org/tx/0x9e9eb36b2e2f221b5a04dc378d04518abcaab3a46d612cfffc5583a97b669c26
https://arbiscan.io/address/0x57ba8957ed2ff2e7ae38f4935451e81ce1eefbf5