News 19 Oct 2024

"Fully decentralised" Radiant Capital protocol suffers loss due to blind signing

Leo
Cartoon of hacker stealing $50m using 3 keys

Radiant Capital - $50 million lost to hackers

Radiant Capital, a crypto platform trusted by 155,000+ users, has just had a major setback.

Despite Radiant having undergone multiple successful audits with "some of the world’s best auditing firms, such as Open Zeppelin, Blocksec, Zokyo, & Peckshield", nothing can fix smart contracts that are centralised by having just a few private key holders.

All the hackers needed to steal funds was for 3 out of 7 of the team members to authorise the transaction.

This attack occurred because hardware wallets only show a hash of the smart contract transaction, obscuring the details of what's really being signed.

As an aside, AirGap Vault & Wallet solves this blind signing issue by decoding the transaction before you sign it on an offline mobile device.[1]
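To make the difference between a hash-only prompt and a decoded prompt concrete, here is an added example (not AirGap's, Radiant's or any wallet vendor's code). It assumes three well-known function selectors, constructed sample calldata, and SHA3-256 as a stand-in for Ethereum's Keccak-256; the function names `blind_view` and `clear_view` are hypothetical.

```python
import hashlib

# Well-known 4-byte selectors: name and ABI types of the (static) arguments.
KNOWN = {
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "f2fde38b": ("transferOwnership", ["address"]),
}

def blind_view(calldata: bytes) -> str:
    # Digest-only prompt. SHA3-256 is a stand-in here: Ethereum uses
    # Keccak-256, which is not in Python's standard library.
    return "0x" + hashlib.sha3_256(calldata).hexdigest()

def _word(kind: str, word: bytes):
    if kind == "address":
        if any(word[:12]):  # upper 12 bytes of an address word must be zero
            raise ValueError("malformed address padding")
        return "0x" + word[12:].hex()
    return int.from_bytes(word, "big")

def clear_view(calldata: bytes) -> dict:
    # Decoded prompt: function name and arguments, or an explicit refusal.
    if len(calldata) < 4:
        raise ValueError("calldata shorter than a selector")
    selector, body = calldata[:4].hex(), calldata[4:]
    if selector not in KNOWN:
        return {"function": None, "sign": False, "why": "unknown selector 0x" + selector}
    name, kinds = KNOWN[selector]
    if len(body) != 32 * len(kinds):
        raise ValueError("argument data does not match " + name)
    args = [_word(k, body[32 * i:32 * i + 32]) for i, k in enumerate(kinds)]
    return {"function": name, "args": args, "sign": None}  # None: human decides

# Constructed sample inputs (not taken from any real transaction).
ADDR_A = bytes(12) + bytes.fromhex("11" * 20)
ADDR_B = bytes(12) + bytes.fromhex("22" * 20)
TX_A = bytes.fromhex("f2fde38b") + ADDR_A
TX_B = bytes.fromhex("f2fde38b") + ADDR_B
TX_UNKNOWN = bytes.fromhex("deadbeef") + ADDR_A

if __name__ == "__main__":
    for tx in (TX_A, TX_B, TX_UNKNOWN):
        print(blind_view(tx), "->", clear_view(tx))
```

The two digests for `TX_A` and `TX_B` are equally unreadable to a signer, while the decoded view shows that the new owner address differs; calldata the decoder cannot explain is flagged rather than presented for approval.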

Alarmingly, most layer 2 networks with billions of dollars of investor funds are secured by similar processes!

Investors who rely on centralised, low threshold multi-signature contracts are at risk.


Tezos has a layer 2 network called Etherlink which has governance smart contracts governed by the layer one Tezos validators, ensuring high decentralisation and safety of funds.

Staking on Tezos is a safer way to invest in crypto that doesn't use a smart contract. It's actually fully decentralised with over 300 validators.


  1. AirGap developer responds to question "Can a malicious smart contract drain funds from hardware wallet?"
