- Radiant capital has been exploited.
- Experts reported that the attack’s “root cause is not new.”
- The protocol lost millions in ETH following the attack.
Cross-chain lending protocol Radiant Capital has temporarily suspended lending and borrowing markets on Arbitrum following a multimillion-dollar exploit on one of its new USD Coin (USDC) markets.
On January 3, multiple blockchain security firms reported that the lending protocol was targeted in a flash loan attack, with PeckShield noting that “the root cause is not new.”
Radiant Capital Exploited for $4.5 Million
According to PeckShield’s report on X (Twitter), the hacker behind Radiant Capital’s attack sniped the new USDC market deployment and exploited it six seconds after the activation. The security firm revealed how this happened.
Sponsored
“It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave). The exploitation also relies on a known rounding issue in current Compound/Aave codebase,” PeckShield wrote.
Another report by blockchain security firm Beosin described how the attacker “manipulated the index parameter” to become extremely large, which led to a cumulative precision error.
“Since the index parameter was dramatically inflated, this precision error was also magnified, ultimately allowing the attacker to profit through repeated deposit() and withdraw() operations.” Beosin wrote on X.
Per the reports by both security firms, the attack led to a loss of 1,900 Ethereum (about $4.5 million), which Radiant Capital confirmed in a follow-up update.
Radiant Capital Confirms the Attack
In an update issued a few hours after reports on the attack, Radiant Capital confirmed that it had been alerted to an “issue with the newly created native USDC market on Arbitrum.” Still, it reiterated that “no current funds” were at risk.
Sponsored
Noting that it would share a detailed postmortem once the issue was resolved, the protocol clarified that “no action can be taken until the markets are unpaused on Arbitrum.” The protocol had not issued any further update at press time.
Read how the Orbit Bridge was recently attacked:
Orbit Cross-Chain Bridge Hit for $82 Million
Stay updated on Orbit Bridge’s efforts to recover stolen funds:
Orbit Eyes Stolen $82 Million Recovery with Amped Efforts