Radiant Capital halts Arbitrum markets after reported $4.5M flash loan attack
Cross-chain lending protocol Radiant Capital has paused its lending and borrowing markets on Arbitrum after receiving reports of a $4.5 million exploit affecting one of its newly created USDC Coin (USDC) markets.
“Today, we received a report of an issue with the newly created native USDC market on Arbitrum,” said Radiant in a Jan. 3 post on X (formerly Twitter). Later in the day, Radiant confirmed it they were subject to a “flash-loan based exploit.”
"The emergency administrative controls were invoked by the Radiant DAO Council to pause all markets on Arbitrum to mitigate any further damage," it added.
Radiant Capital was subject to a flash-loan-based exploit upon launching the new native USDC market on Arbitrum on January 2nd at 06:53:29 PM +UTC, leading to the protocol accruing bad debt in the WETH market totaling about 1.3% of total protocol TVL. 1/10
— Radiant Capital (@RDNTCapital) January 3, 2024
Blockchain security firm Beosin described the exploit as a flash loan attack — with the attacker exploiting a “rounding issue” in the codebase, “which led to a cumulative precision error.”
This ultimately allowed the “attacker to profit through repeated deposit() and withdraw() operations,” it wrote in a Jan. 3 post on X.
An earlier Jan. 2 post from PeckShield also identified the issue as caused by a “known rounding issue” in the current Compound/Aave codebase.
“The root cause is not new: It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave),” it added.
Radiant Capital @RDNTCapital was under a flash loan attack with a loss of $4.5M.
— Beosin Alert (@BeosinAlert) January 3, 2024
Attacker: https://t.co/L7fXlF8VXP
The attacker manipulated the index parameter (which later served as a denominator) to become extremely large. The contract has a rounding issue in its… pic.twitter.com/8AdY7pjaKE
The exploiter managed to siphon a total of $4.5 million in Ether ( ETH ) from the protocol, according to data from Arbitrum block explorer Arbiscanner.
Radiant has since paused lending and borrowing markets on Arbitrum and reassured investors that no additional funds are currently at risk. It promised a detailed postmortem and pledged to restore normal operations once the investigation was completed.
“As a reminder, no action can be taken until the markets are unpaused on Arbitrum,” Radiant added.
Related: Orbit Bridge hack pushes December crypto theft to nearly $100M
Meanwhile, Crypto X has already been flooded with fake Radiant Capital accounts posting phishing links purporting to help users revoke approvals.
A fake Radiant Capital account attempts to trick unsuspecting users into clicking phishing links. Source: XRadiant Capital is a decentralized borrowing and lending protocol with cross-chain functionality built using LayerZero technology. The protocol currently has around $315 million in total value locked, according to DefiLlama.
Magazine: DeFi’s billion-dollar secret: The insiders responsible for hacks
Update (Jan 4, 4:19 am UTC): This article has been updated to include the latest X post from Radiant Capital confirming the type of attack.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Hold BGB and Win Big: 10,000 BGB and Exclusive Luxury Prizes Await!
Ready to join the BGB wealth feast? Bitget is kicking off an extraordinary reward storm! To celebrate the launch of the BGB Holders Community, we’ve prepared 10,000 BGB and luxury prizes! You are just one step away from winning! Promotion period: November 29, 2024, 10:00 - December 16, 2024, 10:00
Notice on Delisting Postponement for GFT/USDT
On November 28, the Bitget team detected an abnormal surge in the on-chain issuance of GFT tokens. A large volume of these tokens was deposited into centralized exchanges and subsequently sold off. To minimize the impact of this anomaly on our users, Bitget has temporarily suspended GFT deposits an
What Will Happen in the Bitcoin Price in the Coming Days? Has the Peak Been Reached or Is There Still Room to Rise? Here are the Opinions of the Anal
What kind of price movements will Bitcoin, the world's largest cryptocurrency, experience in the coming days? Here are the opinions.
This Artificial Intelligence Robot Keeps 40.000 Dollars in His Wallet: It Will Send It All To Whoever Convinces It
In the cryptocurrency world, different applications continue to emerge every day. This time, an artificial intelligence robot is on the agenda.