Radiant lost $50m on arbitrum and bsc.
Hacker changed owner of poolConfigurator, and upgraded lending pool contract implementation, then drained all pools by calling “transferUnderlyingTo” function.
To change owner, 3 owners of multisig need to sign tx.
Is this private key leak or rug pull?
Also, hacker is moving tokens of users who approved to lending pool, revoke approval asap.
Leave a Reply