Hacker Exploits Radiant Capital for $4.5 Million Ethereum

Radiant Capital protocol fell victim to a flash loan attack that drained ETH worth millions in six seconds.

Three hooded figures approaching a blue star in a wireframe landscape.
Created by Gabor Kovacs from DailyCoin
  • Radiant capital has been exploited.
  • Experts reported that the attack’s “root cause is not new.”
  • The protocol lost millions in ETH following the attack.

Cross-chain lending protocol Radiant Capital has temporarily suspended lending and borrowing markets on Arbitrum following a multimillion-dollar exploit on one of its new USD Coin (USDC) markets.

On January 3, multiple blockchain security firms reported that the lending protocol was targeted in a flash loan attack, with PeckShield noting that “the root cause is not new.”

Radiant Capital Exploited for $4.5 Million

According to PeckShield’s report on X (Twitter), the hacker behind Radiant Capital’s attack sniped the new USDC market deployment and exploited it six seconds after the activation. The security firm revealed how this happened.

“It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave). The exploitation also relies on a known rounding issue in current Compound/Aave codebase,” PeckShield wrote.

Another report by blockchain security firm Beosin described how the attacker “manipulated the index parameter” to become extremely large, which led to a cumulative precision error.

“Since the index parameter was dramatically inflated, this precision error was also magnified, ultimately allowing the attacker to profit through repeated deposit() and withdraw() operations.” Beosin wrote on X.

Per the reports by both security firms, the attack led to a loss of 1,900 Ethereum (about $4.5 million), which Radiant Capital confirmed in a follow-up update.

Radiant Capital Confirms the Attack

In an update issued a few hours after reports on the attack, Radiant Capital confirmed that it had been alerted to an “issue with the newly created native USDC market on Arbitrum.” Still, it reiterated that “no current funds” were at risk.

Noting that it would share a detailed postmortem once the issue was resolved, the protocol clarified that “no action can be taken until the markets are unpaused on Arbitrum.” The protocol had not issued any further update at press time.

Read how the Orbit Bridge was recently attacked:
Orbit Cross-Chain Bridge Hit for $82 Million

Stay updated on Orbit Bridge’s efforts to recover stolen funds:
Orbit Eyes Stolen $82 Million Recovery with Amped Efforts 

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Brian Danga

Brian Danga, a Kenyan crypto reporter, is dedicated to delivering breaking news and updates from the cryptocurrency world. With a background as a Web3 writer and project manager, he recognizes the importance of unbiased reporting. Holding an LLB degree from the University of Nairobi, Brian's analytical skills contribute to his accurate news reporting. His personal interests include cooking, watching documentaries, reading, and engaging in intellectual discussions.