Rekt reports that Radiant Capital lost more than $53 million after an attacker gained control of at least three signers in the protocol's 3-of-11 multisig setup. The attacker transferred ownership of lending pool contracts to malicious contracts, upgraded the pool implementations, and drained funds on BSC and Arbitrum while dormant malicious contracts also existed on Ethereum and Base. Ancilia first warned about suspicious BSC activity, Radiant later paused markets and told users to revoke approvals across Arbitrum, BSC, Ethereum, and Base. The source points to weeks of preparation, including malicious contracts deployed 14 days before the theft and a failed Arbitrum attempt six days earlier.