
Radiant Capital halts Arbitrum markets after reported $4.5M flash loan attack.

Blockchain security firms said the issue was caused by a “known rounding issue” in the codebase.

Cross-chain lending protocol Radiant Capital has paused its lending and borrowing markets on Arbitrum after receiving reports of a $4.5 million exploit affecting one of its newly created USD Coin (USDC) markets.

“Today, we received a report of an issue with the newly created native USDC market on Arbitrum,” Radiant said in a Jan. 3 post on X (formerly Twitter), adding that the report was later validated by Radiant developers and the wider cybersecurity community.

Radiant Capital was subject to a flash-loan-based exploit upon launching the new native USDC market on Arbitrum on January 2nd at 06:53:29 PM +UTC, leading to the protocol accruing bad debt in the WETH market totaling about 1.3% of total protocol TVL. 1/10— Radiant Capital (@RDNTCapital) January 3, 2024

Blockchain security firm Beosin described the exploit as a flash loan attack — with the attacker exploiting a “rounding issue” in the codebase, “which led to a cumulative precision error.”

This ultimately allowed the “attacker to profit through repeated deposit() and withdraw() operations,” it wrote in a Jan. 3 post on X.

An earlier Jan. 2 post from PeckShield also identified the issue as caused by a “known rounding issue” in the current Compound/Aave codebase.

“The root cause is not new: It exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave),” it added.

Radiant Capital @RDNTCapital was under a flash loan attack with a loss of $4.5M.
Attacker: https://t.co/L7fXlF8VXP

The attacker manipulated the index parameter (which later served as a denominator) to become extremely large. The contract has a rounding issue in its… pic.twitter.com/8AdY7pjaKE— Beosin Alert (@BeosinAlert) January 3, 2024
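The rounding effect described above can be reproduced with a simplified model (an added example, not code from Radiant, Beosin or the original article). It assumes Aave-style half-up ray division; the index values and deposit sizes are constructed, and the round-down variant is a generic hardening, not a fix the article attributes to Radiant.

```python
RAY = 10**27  # 27-decimal fixed point in which the liquidity index is expressed

# Constructed values: the article only says the index became "extremely large".
NORMAL_INDEX = 105 * RAY // 100    # index of 1.05, a market with some accrued interest
INFLATED_INDEX = 10**9 * RAY       # index of 1e9, standing in for a manipulated market
SAMPLE_AMOUNTS = range(100_000_000, 3_000_000_001, 100_000_000)  # deposit sizes, base units


def to_scaled(amount, index, directed=False):
    """Scaled units minted on deposit: amount / index (index is the denominator)."""
    if directed:
        return amount * RAY // index              # round down, against the depositor
    return (amount * RAY + index // 2) // index   # half-up, assumed Aave-style rayDiv


def to_balance(scaled, index, directed=False):
    """Underlying amount the scaled units are worth: scaled * index."""
    if directed:
        return scaled * index // RAY              # round down, against the holder
    return (scaled * index + RAY // 2) // RAY     # half-up, assumed Aave-style rayMul


def worst_round_trip_gain(index, amounts, directed=False):
    """Largest (redeemable balance - deposited amount) over the sampled deposits.

    A positive result means one deposit can be credited with more than was
    paid in; repeating the operation accumulates that error.
    """
    return max(
        to_balance(to_scaled(a, index, directed), index, directed) - a
        for a in amounts
    )


if __name__ == "__main__":
    for name, idx in (("normal", NORMAL_INDEX), ("inflated", INFLATED_INDEX)):
        print(name,
              "half-up:", worst_round_trip_gain(idx, SAMPLE_AMOUNTS),
              "round-down:", worst_round_trip_gain(idx, SAMPLE_AMOUNTS, directed=True))
```

With half-up rounding the per-operation error is bounded by roughly half the index in underlying units, which is negligible at a normal index and large once the index is inflated; rounding against the user keeps the gain at or below zero at any index.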

The exploiter managed to siphon a total of $4.5 million in Ether (ETH) from the protocol, according to data from Arbitrum block explorer Arbiscan.

Radiant has since paused lending and borrowing markets on Arbitrum and reassured investors that no additional funds are currently at risk.

It promised a detailed postmortem and pledged to restore normal operations once the investigation was completed.

“As a reminder, no action can be taken until the markets are unpaused on Arbitrum,” Radiant added.

Meanwhile, Crypto X has already been flooded with fake Radiant Capital accounts posting phishing links purporting to help users revoke approvals.

A fake Radiant Capital account attempts to trick unsuspecting users into clicking phishing links. Source: X

Radiant Capital is a decentralized borrowing and lending protocol with cross-chain functionality built using LayerZero technology.

The protocol currently has around $315 million in total value locked, according to DefiLlama.

Mike Berdoni

AI senior consultant
