Radiant Capital suffered an exploit across chains, several blockchain security firms said Wednesday, as the project confirmed that an “issue” had emerged with its lending markets.

Blockchain security firm Ancilia Inc. first reported suspicious activity on a Radiant Capital smart contract on BNB Chain at 1:35pm ET on Wednesday in a Twitter (aka X) post. A list of on-chain transactions appeared to show hackers had drained at least $16 million from Radiant on BNB, according to Ancilia.

Assets were then drained from Radiant's pools on Ethereum layer-2 network Arbitrum. Hacken, another security firm, said in a tweet that roughly $50 million in digital assets appear to have been siphoned from various trading pools on Radiant, including those holding USDT, USDC, and ARB. 

Radiant Capital confirmed in a Twitter post on Wednesday that suspicious activity was occurring on its protocol, stopping short of labeling the incident a cybersecurity incident.

“We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum,” the project said. “We are working with SEAL911, Hypernative, ZeroShadow, and Chainalysis and will provide an update as soon as possible.”

Radiant Capital has paused markets on Ethereum and layer-2 network Base “until further notice,” according to the protocol's statement. It has also advised its users to revoke all permissions to the smart contracts that power its protocol. Revoke.Cash has launched a page that lets users find out whether they're at risk.

Radiant Capital did not immediately respond to Decrypt's request for comment. 

This isn't the first time Radiant Capital has lost funds in a cybersecurity incident. In January, the protocol lost more than $4.5 million to a flash loan-based exploit on Arbitrum.

Edited by Andrew Hayward