Hacker Exploits Radiant Capital for $4.5 Million Ethereum

Radiant Capital protocol fell victim to a flash loan attack that drained ETH worth millions in six seconds.

Three hooded figures approaching a blue star in a wireframe landscape.
Created by Gabor Kovacs from DailyCoin
  • Radiant capital has been exploited.
  • Experts reported that the attackโ€™s โ€œroot cause is not new.โ€
  • The protocol lost millions in ETH following the attack.

Cross-chain lending protocol Radiant Capital has temporarily suspended lending and borrowing markets on Arbitrum following a multimillion-dollar exploit on one of its new USD Coin (USDC) markets.

On January 3, multiple blockchain security firms reported that the lending protocol was targeted in a flash loan attack, with PeckShield noting that โ€œthe root cause is not new.โ€

Radiant Capital Exploited for $4.5 Million

According to PeckShieldโ€™s report on X (Twitter), the hacker behind Radiant Capitalโ€™s attack sniped the new USDC market deployment and exploited it six seconds after the activation. The security firm revealed how this happened.

Sponsored

โ€œIt basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave). The exploitation also relies on a known rounding issue in current Compound/Aave codebase,โ€ PeckShield wrote.

Another report by blockchain security firm Beosin described how the attacker โ€œmanipulated the index parameterโ€ to become extremely large, which led to a cumulative precision error.

โ€œSince the index parameter was dramatically inflated, this precision error was also magnified, ultimately allowing the attacker to profit through repeated deposit() and withdraw() operations.โ€ Beosin wrote on X.

Per the reports by both security firms, the attack led to a loss of 1,900 Ethereum (about $4.5 million), which Radiant Capital confirmed in a follow-up update.

Radiant Capital Confirms the Attack

In an update issued a few hours after reports on the attack, Radiant Capital confirmed that it had been alerted to an โ€œissue with the newly created native USDC market on Arbitrum.โ€ Still, it reiterated that โ€œno current fundsโ€ were at risk.

Noting that it would share a detailed postmortem once the issue was resolved, the protocol clarified that โ€œno action can be taken until the markets are unpaused on Arbitrum.โ€ The protocol had not issued any further update at press time.

Read how the Orbit Bridge was recently attacked:
Orbit Cross-Chain Bridge Hit for $82 Million

Stay updated on Orbit Bridgeโ€™s efforts to recover stolen funds:
Orbit Eyes Stolen $82 Million Recovery with Amped Effortsย 

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Brian Danga

Brian Danga is a crypto reporter at DailyCoin covering breaking news. Brian has minor holdings in Bitcoin and Ethereum.

Read more