Turbulent Start of 2024: Gamma Strategies, Radiant Capital Hacks and Solana Drainers

Two Web3 projects have already suffered losses totaling almost $8 million, and cybersecurity teams anticipate a rise in attacks targeting SOL holders.

The most recent security incident has impacted Gamma Strategies, resulting in a loss of over $3.4 million.

Following a significant attack on the multi-asset blockchain Orbit Chain, which shocked the crypto community amid New Year's Eve celebrations with a staggering loss of $81.5 million, more protocols have fallen victim to cybercriminals.

The latest exploit targeted the active liquidity management protocol Gamma Strategies, which detected the security incident and announced it five hours before this publication.


According to the cybersecurity firm CertiK, Gamma Strategies fell victim to a series of flash loan attacks on its Arbitrum contracts, involving price manipulation. This allowed the attacker to steal 1535 ETH, valued at nearly $3.43 million, which was subsequently bridged to Ethereum.

In response to the attack, Gamma Strategies prioritized preventing losses for its users and partners. To thwart the attacker from draining funds, Gamma temporarily halted deposits for all public vaults and hypervisors. However, users retain the ability to withdraw their funds, and the vaults are reportedly being managed normally at press time.

This incident closely followed an exploit on the Radiant protocol, which, as reported by CertiK, resulted in a loss of around $4.5 million. The Web3 security team provided details on the hacker's actions, which involved inflating the liquidity index and exploiting a rounding issue within the rayDiv() function during deposit() and withdraw() operations.
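From a monitoring standpoint, the rounding issue can be quantified. The following is an added example, not code from the article, CertiK or Radiant: it assumes the half-up ray division used in Aave-V2-style lending pools, and both index values are constructed. It shows how far one deposit() or withdraw() can drift from the amount moved once the liquidity index is inflated, and flags an index where that drift exceeds a tolerance.

```python
RAY = 10**27  # 27-decimal fixed point used for the liquidity index (assumed)


def ray_div(a, b):
    """Half-up fixed-point division: round(a * RAY / b)."""
    return (a * RAY + b // 2) // b


def ray_mul(a, b):
    """Half-up fixed-point multiplication: round(a * b / RAY)."""
    return (a * b + RAY // 2) // RAY


def scaled_amount(amount, index):
    """Scaled-balance units minted on deposit() or burned on withdraw()."""
    return ray_div(amount, index)


def round_trip_drift(amount, index):
    """Underlying value of the scaled units minus the amount actually moved."""
    return ray_mul(scaled_amount(amount, index), index) - amount


def max_rounding_error(index):
    """Worst-case drift per operation, in underlying base units.

    One scaled unit is worth index / RAY base units and half-up rounding
    can be wrong by half a scaled unit.
    """
    return index // (2 * RAY)


def index_alert(index, tolerance=1):
    """True when a single operation can mis-account more than `tolerance`."""
    return max_rounding_error(index) > tolerance


# Constructed sample values, not taken from the incident.
NORMAL_INDEX = 105 * RAY // 100   # index of 1.05
INFLATED_INDEX = 10**6 * RAY      # one scaled unit worth 1,000,000 base units

if __name__ == "__main__":
    for name, idx in [("normal", NORMAL_INDEX), ("inflated", INFLATED_INDEX)]:
        print(name, max_rounding_error(idx), round_trip_drift(1_499_999, idx),
              index_alert(idx))
```

A pool monitor can run the same check against the on-chain index of each reserve, which matters most for newly listed markets with little liquidity.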

The team behind the compromised protocol claims that it "was subject to a flash-loan-based exploit upon launching the new native USDC market on Arbitrum on January 2nd at 06:53:29 PM +UTC, leading to the protocol accruing bad debt in the WETH market totaling about 1.3% of total protocol TVL."

Radiant Capital impersonators on X
Source: SlowMist, X

Interestingly, before the official announcement of the exploit, Radiant Capital had informed its X community about an issue with the newly created native USDC market on Arbitrum. This issue likely facilitated the criminal's exploitation of the protocol. At that time, Radiant Capital asserted that no funds were at risk after pausing the Arbitrum markets. However, it was unclear whether this announcement referred to assets other than those already stolen.

As of the publication time, Radiant Protocol is actively investigating the exploit, planning to collaborate with law enforcement officials. The focus is on resolving the technical issues that led to the exploit, ensuring users' safety upon the resumption of the protocol's markets.

Scammers capitalizing on the recent exploits

In the aftermath of recent exploits, scammers within the cryptocurrency space have swiftly seized the opportunity to impersonate compromised projects, aiming to lure affected users into fraudulent reimbursement programs. On-chain investigator ScammoonR has uncovered one X account posing as Gamma Strategies, promoting a link that connects users to a drainer. Despite this account being a verified X profile, its name is misspelled as GammaStratcgics. ScammoonR notes, "Thousands of people have retweeted and clicked this link."

At the time of publication, scammers had also targeted the Radiant Capital account. Despite assurances from the protocol team that Radiant is solvent and a remediation plan for bad debt is in place, scammers employed sophisticated impersonation tactics, spreading misinformation about refunds.

SlowMist, a Web3 security team, warns the community against scam messages from fake Radiant Capital accounts left under legitimate posts by the company, further complicating the identification process. Such a phishing strategy makes it rather challenging for users to distinguish between scammers and the authentic team behind the compromised project.
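The misspelled GammaStratcgics handle is two character substitutions away from the name it imitates, which is a pattern a reply filter or brand-monitoring job can test for. The sketch below is an added example, not from the article or from any of the teams named; the allowlist entries, the distance threshold and the sample handles other than GammaStratcgics are assumptions constructed for illustration.

```python
# Added example: classify X handles against an allowlist of protected names.
# OFFICIAL holds assumed, unverified handles used only for illustration.
OFFICIAL = {"gammastrategies", "radiantcapital"}
MAX_DISTANCE = 2  # edits tolerated before a handle counts as unrelated

# Fold characters that are routinely swapped for look-alikes.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s", "_": None})


def skeleton(handle):
    """Lowercase, drop '@' and underscores, fold confusable characters."""
    return handle.lstrip("@").lower().translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(handle):
    """Return ('official' | 'lookalike' | 'unrelated', matched name or None)."""
    raw = handle.lstrip("@").lower()
    if raw in OFFICIAL:
        return ("official", raw)
    nearest = min(OFFICIAL, key=lambda o: edit_distance(skeleton(raw), skeleton(o)))
    if edit_distance(skeleton(raw), skeleton(nearest)) <= MAX_DISTANCE:
        return ("lookalike", nearest)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed samples; the last character of the third handle is a capital I.
    for h in ["@GammaStrategies", "@GammaStratcgics", "@RadiantCapitaI",
              "@SomeOtherProject"]:
        print(h, classify(h))
```

A verified badge plays no part in the decision, since the impersonating account described above was itself verified.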

The emergence of Solana drainers

In mid-December, following the closure of the notorious scam vendor Inferno Drainer, another phishing group, Angel Drainer, made headlines. Cybersecurity teams, including SlowMist, detected a connection between Angel Drainer and a major exploit of Ledger Connect Kit, which resulted in a loss of nearly $600,000. CertiK has now cautioned the crypto community, particularly SOL holders, about the emergence of new Solana drainers.


"We have observed a high demand for this network [Solana] and decided to develop a unique product that stands unmatched in the market," one such scam vendor wrote on December 18, adding that "this decision was driven by numerous requests from valued customers."

Solana Drainer advertisement
Source: CertiK, X

This specific phishing team offers an enticing remuneration of 80% of profits, along with various features such as the issuance of native coins, logs on Telegram, a script for the efficient withdrawal of approved assets, and straightforward stake withdrawal.