- Radiant capital has been exploited.
- Experts reported that the attackโs โroot cause is not new.โ
- The protocol lost millions in ETH following the attack.
Cross-chain lending protocol Radiant Capital has temporarily suspended lending and borrowing markets on Arbitrum following a multimillion-dollar exploit on one of its new USD Coin (USDC) markets.
On January 3, multiple blockchain security firms reported that the lending protocol was targeted in a flash loan attack, with PeckShield noting that โthe root cause is not new.โ
Radiant Capital Exploited for $4.5 Million
According to PeckShieldโs report on X (Twitter), the hacker behind Radiant Capitalโs attack sniped the new USDC market deployment and exploited it six seconds after the activation. The security firm revealed how this happened.
Sponsored
โIt basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave). The exploitation also relies on a known rounding issue in current Compound/Aave codebase,โ PeckShield wrote.
Another report by blockchain security firm Beosin described how the attacker โmanipulated the index parameterโ to become extremely large, which led to a cumulative precision error.
โSince the index parameter was dramatically inflated, this precision error was also magnified, ultimately allowing the attacker to profit through repeated deposit() and withdraw() operations.โ Beosin wrote on X.
Per the reports by both security firms, the attack led to a loss of 1,900 Ethereum (about $4.5 million), which Radiant Capital confirmed in a follow-up update.
Radiant Capital Confirms the Attack
In an update issued a few hours after reports on the attack, Radiant Capital confirmed that it had been alerted to an โissue with the newly created native USDC market on Arbitrum.โ Still, it reiterated that โno current fundsโ were at risk.
Noting that it would share a detailed postmortem once the issue was resolved, the protocol clarified that โno action can be taken until the markets are unpaused on Arbitrum.โ The protocol had not issued any further update at press time.
Read how the Orbit Bridge was recently attacked:
Orbit Cross-Chain Bridge Hit for $82 Million
Stay updated on Orbit Bridgeโs efforts to recover stolen funds:
Orbit Eyes Stolen $82 Million Recovery with Amped Effortsย