Radiant Capital Halts Operations After Falling Victim to $4.5M Flash Loan Exploit

Radiant Capital, a prominent cross-chain lending protocol, has made the shocking decision to temporarily freeze its lending and borrowing services on the Arbitrum network. This move comes following a meticulously planned exploit that resulted in the theft of an astonishing $4.5 million (equivalent to 2337 ETH) from its newly launched USDC Coin (USDC) markets.

On January 3, 2024, Radiant Capital received a report regarding an issue with its newly established native USDC market on Arbitrum. After careful examination by Radiant developers and the wider Web 3 security community, the Radiant DAO Council decided to pause lending and borrowing markets on Arbitrum while the situation is addressed.

The details of the attack reveal that Radiant’s tech team, working alongside cybersecurity experts, identified the breach as a flash loan attack. The problem originated from a subtle rounding discrepancy in the protocol’s code. Leading blockchain security firm Beosin highlighted how this rounding issue led to an unexpected precision error.

The attacker took advantage of this error by manipulating an index parameter, which later served as a denominator, to become extremely large. The contract had a rounding flaw in its code, which caused inflation and resulted in errors during deposit and withdraw operations. This flaw provided the attacker with a brief yet significant opportunity to generate substantial profits.

Further investigation by analytics firm PeckShield revealed a connection between this exploit and a vulnerability in the Compound/Aave codebase. It is worth noting that the USDC market was targeted just six seconds after its launch, underscoring the importance of exercising caution when introducing new markets.

In response to the breach, Radiant Capital has suspended its activities on Arbitrum. The platform assures users that no additional funds have been compromised. A thorough investigation is currently underway, and operations will resume once it is completed. The crypto community is closely monitoring Radiant Capital, known for its cross-blockchain asset trading, as it navigates this security breach.

This incident serves as a harsh lesson for decentralized finance (DeFi) platforms, highlighting the challenges they face in ensuring security. As the crypto world continues to expand, events like these emphasize the necessity of robust defenses against sophisticated attacks. The industry eagerly awaits Radiant Capital’s next steps as it addresses this breach.

Tags: Hack