Home / News / Crypto / News / Radiant Capital Exploited – Is Your Crypto Safe?
News
3 min read

Radiant Capital Exploited – Is Your Crypto Safe?

Last Updated January 3, 2024 11:45 AM
Teuta Franjkovic
Last Updated January 3, 2024 11:45 AM

Key Takeaways

  • Cr0ss-chain lending protocol Radiant Capital fell victim to a significant exploit.
  • Authorities say that the underlying cause of the attack is a previously known issue.
  • The protocol suffered a substantial loss of millions in Ethereum due to the breach.

Following a major security breach in one of its new USD Coin (USDC) markets, Radiant Capital, a cross-chain lending protocol, has halted its lending  and borrowing activities on Arbitrum.

On January 3, several blockchain security companies said a flash loan attack had compromised the protocol. PeckShield pointed out that the fundamental vulnerability exploited was not a new one.

$4.5 Million Heist at Radiant Capital

As detailed in PeckShield’s analysis , the attacker targeted Radiant Capital by exploiting its newly launched USDC market. They struck just six seconds after its activation. The security firm has disclosed the specifics of how this breach occurred.

According to  Peckshield:

“It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave). The exploitation also relies on a known rounding issue in current Compound/Aave codebase.”

In a separate analysis , blockchain security company Beosin said the assailant manipulated the ‘index parameter’ to an excessively large value. This resulted in a cumulative precision error.

Beosin wrote :

“Since the index parameter was dramatically inflated, this precision error was also magnified, ultimately allowing the attacker to profit through repeated deposit() and withdraw() operations.”

According to the findings from both security firms, the attack resulted in Radiant Capital incurring a loss of approximately 1,900 Ethereum worth around $4.5 million. Radiant later confirmed this in a subsequent update.

Radiant Capital Acknowledges Security Breach

Following the initial reports of the breach, Radiant Capital released a statement  acknowledging an “issue with the newly created native USDC market on Arbitrum.” While confirming the incident, the protocol emphasized that “no current funds” were under threat.

Radiant Capital said it would publish a comprehensive analysis once the issue was fully addressed. The protocol also said that any remedial actions would be deferred until the markets on Arbitrum were reactivated. As of the latest updates, Radiant had yet to issue any new information regarding the situation.

Was this Article helpful? Yes No