Radiant Capital, a cross-chain lending protocol, has temporarily halted its lending and borrowing markets on Arbitrum following reports of a $4.5 million exploit affecting a newly created USDC Coin (USDC) market. The issue was described as a flash loan attack by blockchain security firm Beosin, exploiting a “rounding issue” in the codebase that resulted in a cumulative precision error. This allowed the attacker to profit through repeated deposit() and withdraw() operations.
PeckShield also identified the problem as a “known rounding issue” in the current Compound/Aave codebase, exploiting a time window when a new market is activated in a lending market, which was forked from Compound/Aave.
The exploiter successfully drained $4.5 million in Ether (ETH) from the protocol, as reported by Arbitrum block explorer Arbiscanner. In response, Radiant Capital has paused lending and borrowing markets on Arbitrum, ensuring that no additional funds are currently at risk. The protocol has assured investors of a detailed postmortem and pledged to restore normal operations once the investigation is completed.
Radiant Capital, known for its decentralized borrowing and lending protocol with cross-chain functionality built using LayerZero technology, currently has approximately $315 million in total value locked, according to DefiLlama. It is worth noting that fake Radiant Capital accounts have surfaced on Crypto X, posting phishing links claiming to help users revoke approvals, highlighting the need for caution in the aftermath of the exploit.
Get $200 Free Bitcoins every hour! No Deposit No Credit Card required. Sign Up