Radiant Capital Exploited – Is Your Crypto Safe?

Published January 3, 2024 11:45 AM

By Teuta Franjkovic

The Radiant DAO Council paused lending markets on Arbitrum temporarily | Credit: Pixabay

Key Takeaways

Cr0ss-chain lending protocol Radiant Capital fell victim to a significant exploit.
Authorities say that the underlying cause of the attack is a previously known issue.
The protocol suffered a substantial loss of millions in Ethereum due to the breach.

Following a major security breach in one of its new USD Coin (USDC) markets, Radiant Capital, a cross-chain lending protocol, has halted its lending and borrowing activities on Arbitrum.

On January 3, several blockchain security companies said a flash loan attack had compromised the protocol. PeckShield pointed out that the fundamental vulnerability exploited was not a new one.

$4.5 Million Heist at Radiant Capital

As detailed in PeckShield’s analysis , the attacker targeted Radiant Capital by exploiting its newly launched USDC market. They struck just six seconds after its activation. The security firm has disclosed the specifics of how this breach occurred.

According to Peckshield:

“It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave). The exploitation also relies on a known rounding issue in current Compound/Aave codebase.”

Today's hack on @RDNTCapital results in the loss of 1.9k eth (~$4.5m).

The root cause is not new: It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave). The exploitation also relies on a known rounding… https://t.co/XogWUVO3po pic.twitter.com/x5X9ql8AGA

— PeckShield Inc. (@peckshield) January 2, 2024

In a separate analysis , blockchain security company Beosin said the assailant manipulated the ‘index parameter’ to an excessively large value. This resulted in a cumulative precision error.

Beosin wrote :

“Since the index parameter was dramatically inflated, this precision error was also magnified, ultimately allowing the attacker to profit through repeated deposit() and withdraw() operations.”

Radiant Capital @RDNTCapital was under a flash loan attack with a loss of $4.5M.
Attacker: https://t.co/L7fXlF8VXP

The attacker manipulated the index parameter (which later served as a denominator) to become extremely large. The contract has a rounding issue in its… pic.twitter.com/8AdY7pjaKE

— Beosin Alert (@BeosinAlert) January 3, 2024

According to the findings from both security firms, the attack resulted in Radiant Capital incurring a loss of approximately 1,900 Ethereum worth around $4.5 million. Radiant later confirmed this in a subsequent update.

Radiant Capital Acknowledges Security Breach

Following the initial reports of the breach, Radiant Capital released a statement acknowledging an “issue with the newly created native USDC market on Arbitrum.” While confirming the incident, the protocol emphasized that “no current funds” were under threat.

Today, we received a report of an issue with the newly created native USDC market on Arbitrum. After validation by Radiant developers and the wider Web 3 security community, the Radiant DAO Council paused lending/borrowing markets on Arbitrum temporarily while this is…

— Radiant Capital (@RDNTCapital) January 3, 2024

Radiant Capital said it would publish a comprehensive analysis once the issue was fully addressed. The protocol also said that any remedial actions would be deferred until the markets on Arbitrum were reactivated. As of the latest updates, Radiant had yet to issue any new information regarding the situation.

Was this Article helpful? Yes No

About the Author

Teuta Franjkovic

Teuta is a seasoned writer and editor with more than 15 years of experience. She has expertise in covering macroeconomics and technology as well as the cryptocurrency and blockchain industries. She has worked for several publications as a journalist and editor, including Forbes, Bloomberg, CoinTelegraph, Coin Rivet, CoinSpeaker, VRWorld and Arcane Bear. Teuta began her professional career in 2005, working as a lifestyle writer at Cosmopolitan in Croatia. From there, she branched out to several other publications, covering mainly business and the economy. She then turned her attention to the world of cryptocurrency and blockchain, believing that crypto is among the most important inventions in the history of humanity. Her involvement in fintech began in 2014 and she has since lent her expertise in writing, editing and gathering information about the world of crypto, blockchain, NFTs and Web3. An all-round news hound, mentor, editor, and writer, Teuta enjoys teamwork and good communication. She holds a WSET2 diploma and has a thing for chablis, punkrock music and shoes. She also holds a double MA in Political science and Entrepreneurship.

[email protected] LinkedIn Twitter