@n0ther.eth
An alarming wake-up call for the DeFi
Radiant Capital's $50M hack may just be the rain before the arrival of a hurricane ready to hit crypto, as the level of sophistication reached is such that no one can feel truly safe right now
This hack was not caused by carelessness, or failure to follow security best practices, and although an inside job cannot be ruled out, it would not have been sufficient to pull off the heist, as a 3-of-11 multisignature was required on Ledger hardware wallets belonging to long-standing, trusted contributors to the DAO, who were geographically distributed, to reduce the likelihood of a coordinated physical attack
Attackers were able to compromise the devices through a malware injection “in such a way that the front-end of Safe{Wallet} displayed legitimate transaction data while malicious transactions were signed and executed in the background”
Despite multiple layers of verification on auditing tools, the signed transactions appeared normal on the software interface
🧵1/2
1 reply
0 recast
10 reactions