Vote for Cryptopolitan on Binance Square Creator Awards 2024. Click here to support our content!

Exploit halts cross-chain lending on Radiant Capital’s Arbitrum platform

In this post:

  • Radiant Capital pauses lending on Arbitrum after a $4.5 million exploit.
  • The attacker used known code issues for unauthorized gains.
  • Radiant Capital investigates and warns against phishing scams.

Radiant Capital, a prominent cross-chain lending protocol, has temporarily suspended its lending and borrowing markets on the Arbitrum blockchain due to a substantial security breach. 

Reports indicate that a flash loan attack resulted in the unauthorized withdrawal of approximately $4.5 million in Ether from one of its newly established USDC Coin (USDC) markets. Radiant Capital developers and the wider cybersecurity community confirmed the incident.

Flash loan attack exploits rounding issue

The security breach was orchestrated through a flash loan attack, with the attacker exploiting a critical “rounding issue” within the protocol’s codebase. This flaw led to a cumulative precision error, enabling the attacker to profit through repeated deposit() and withdraw() operations within the system. 

Beosin, a blockchain security firm, provided insights into the nature of the exploit, characterizing it as a known issue originating from the current Compound/Aave codebase.

PeckShield, in an earlier report on January 2, identified the root cause of the attack as a “known rounding issue” within the Compound/Aave codebase. This vulnerability was previously associated with activating new markets in lending protocols. 

In this case, the attacker exploited a specific time window during the activation of a newly created native USDC market on Arbitrum, which was based on the popular Compound/Aave protocols.

Read Also  Fake Ledger Live: Chrome extension stole over 200K XRP in last month alone, report claims

The exploit resulted in the illicit withdrawal of a staggering $4.5 million worth of Ether from Radiant Capital’s protocol. Data from the Arbitrum block explorer Arbiscanner confirmed the extent of the breach. Following the discovery of the attack, Radiant Capital took immediate action to pause its lending and borrowing markets on Arbitrum.

Investor reassurance and investigation

Radiant Capital has moved swiftly to address the situation and assure its users. The protocol emphasized that no additional funds were currently at risk and pledged to conduct a comprehensive postmortem analysis of the security breach. Normal operations will be reinstated once the investigation is completed and necessary security measures are in place.

In the wake of the security incident, fraudulent Radiant Capital accounts have emerged across various crypto forums, particularly on Crypto X, attempting to deceive users with phishing links purporting to help revoke approvals. This has raised concerns within the crypto community about the potential for further security threats and scams targeting Radiant Capital’s users.

Radiant Capital: A decentralized lending protocol

Radiant Capital is a decentralized borrowing and lending protocol that offers cross-chain functionality, utilizing LayerZero technology. The platform currently boasts a total value locked (TVL) of approximately $315 million, as reported by DefiLlama. 

The security breach on the Arbitrum blockchain has prompted Radiant Capital to take proactive measures to safeguard its users’ assets and restore confidence in its platform.

A Step-By-Step System To Launching Your Web3 Career and Landing High-Paying Crypto Jobs in 90 Days.

Share link:

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Editor's choice

Loading Editor's Choice articles...

Stay on top of crypto news, get daily updates in your inbox

Most read

Loading Most Read articles...
Subscribe to CryptoPolitan