Odaily News SlowMist released an analysis of the Radiant Capital security incident (Arbitrum chain) on X: Radiant Capital uses a multi-signature wallet (0x111ceeee040739fd91d29c34c33e6b3e112f2177) to manage key operations such as contract upgrades and fund transfers. However, the attacker illegally controlled the permissions of three owners in the multi-signature wallet. Since Radiant Capital's multi-signature wallet uses a 3/11 signature verification model, the attacker first uses the private keys of the three owners to sign off-chain, and then initiates an on-chain transaction from the multi-signature wallet to transfer the ownership of the LendingPoolAddressesProvider contract to the malicious contract controlled by the attacker. Subsequently, the malicious contract calls the setLendingPoolImpl function of the LendingPoolAddressesProvider contract to upgrade the underlying logic contract of the Radiant lending pool to a malicious backdoor contract (0xf0c0a1a19886791c2dd6af71307496b1e16aa232). Finally, the attacker executes the backdoor function to transfer funds from various lending markets to the attack contract.