Radiant Capital attackers used malware to hijack developer wallets and swipe over $50 million in assets.

According to Radiant Capital’s post-mortem report, the attack on Oct. 16, 2024, which led to losses upwards of $50 million, was “one of the most sophisticated hacks ever recorded in DeFi.”

The attackers compromised the hardware wallets of at least three Radiant developers through a sophisticated malware injection, though it is believed that more devices may have been targeted. 

The malware manipulated the front-end interface of Safe{Wallet} (formerly known as Gnosis Safe), displaying legitimate transaction data to the developers while executing malicious transactions in the background.