Radiant Capital, a prominent cross-chain lending protocol, has temporarily suspended its lending and borrowing markets on the Arbitrum blockchain due to a substantial security breach.
Reports indicate that a flash loan attack resulted in the unauthorized withdrawal of approximately $4.5 million in Ether from one of its newly established USDC Coin (USDC) markets. Radiant Capital developers and the wider cybersecurity community confirmed the incident.
Flash loan attack exploits rounding issue
The security breach was orchestrated through a flash loan attack, with the attacker exploiting a critical “rounding issue” within the protocol’s codebase. This flaw led to a cumulative precision error, enabling the attacker to profit through repeated deposit() and withdraw() operations within the system.
Beosin, a blockchain security firm, provided insights into the nature of the exploit, characterizing it as a known issue originating from the current Compound/Aave codebase.
PeckShield, in an earlier report on January 2, identified the root cause of the attack as a “known rounding issue” within the Compound/Aave codebase. This vulnerability was previously associated with activating new markets in lending protocols.
In this case, the attacker exploited a specific time window during the activation of a newly created native USDC market on Arbitrum, which was based on the popular Compound/Aave protocols.
The exploit resulted in the illicit withdrawal of a staggering $4.5 million worth of Ether from Radiant Capital’s protocol. Data from the Arbitrum block explorer Arbiscanner confirmed the extent of the breach. Following the discovery of the attack, Radiant Capital took immediate action to pause its lending and borrowing markets on Arbitrum.
Investor reassurance and investigation
Radiant Capital has moved swiftly to address the situation and assure its users. The protocol emphasized that no additional funds were currently at risk and pledged to conduct a comprehensive postmortem analysis of the security breach. Normal operations will be reinstated once the investigation is completed and necessary security measures are in place.
In the wake of the security incident, fraudulent Radiant Capital accounts have emerged across various crypto forums, particularly on Crypto X, attempting to deceive users with phishing links purporting to help revoke approvals. This has raised concerns within the crypto community about the potential for further security threats and scams targeting Radiant Capital’s users.
Radiant Capital: A decentralized lending protocol
Radiant Capital is a decentralized borrowing and lending protocol that offers cross-chain functionality, utilizing LayerZero technology. The platform currently boasts a total value locked (TVL) of approximately $315 million, as reported by DefiLlama.
The security breach on the Arbitrum blockchain has prompted Radiant Capital to take proactive measures to safeguard its users’ assets and restore confidence in its platform.
