- The cyber attacker exploited a “rounding issue” in the codebase
- He took advantage of a time window when a new lending market was activated
- Fake Radiant Capital accounts have flooded Crypto X since
Radiant Capital, a cross-chain lending protocol, suspended lending and borrowing markets on Arbitrum after a flash loan attack on one of its new USD Coin (USDC) markets, Cointelegraph reported.
Radiant posted on X that they had received a report of an issue with the newly launched native USDC market on Arbitrum. The attack was later confirmed by Radiant developers as well as the broader cybersecurity community. Hopefully, it won’t result in USDC instability.
Profit via repeated deposits and withdrawals
According to blockchain security firm Beosin, the cyber attacker exploited a “rounding issue” in the codebase, which resulted in a “cumulative precision error.” Ultimately, he was able to profit through repeated deposit and withdrawal operations, according to a post on X today.
Yesterday, blockchain sleuth PeckShield also identified the problem as having been caused by a rounding issue in the current Compound/Aave codebase.
According to PeckShield, the exploiter took advantage of a time window when a new market was activated on a lending protocol forked from Compound/Aave. The root cause was not new in itself.
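To show why rounding direction matters in share-based lending accounting, here is an added example that is not code from Radiant, Aave, Compound or the cited firms. It is a constructed toy model: the fixed `INDEX`, the `Market` class and the amounts are assumptions, and it compares rounding to nearest with rounding against the user over repeated deposit and withdrawal cycles.

```python
# Constructed toy model (assumption): not Radiant, Aave or Compound code.
from dataclasses import dataclass, field
from typing import Callable

INDEX = 7  # constructed value: asset units represented by one share


def div_nearest(a: int, b: int) -> int:
    """Integer division rounded half-up (the risky choice in this model)."""
    return (a + b // 2) // b


def div_down(a: int, b: int) -> int:
    """Round toward zero: use when crediting shares to a user."""
    return a // b


def div_up(a: int, b: int) -> int:
    """Round up: use when debiting shares from a user."""
    return -(-a // b)


@dataclass
class Market:
    mint_div: Callable[[int, int], int]   # rounding used on deposit
    burn_div: Callable[[int, int], int]   # rounding used on withdrawal
    cash: int = 1_000_000                 # assets owed to other depositors
    shares: dict = field(default_factory=dict)

    def deposit(self, user: str, assets: int) -> None:
        self.shares[user] = self.shares.get(user, 0) + self.mint_div(assets, INDEX)
        self.cash += assets

    def withdraw(self, user: str, assets: int) -> None:
        burned = self.burn_div(assets, INDEX)
        if burned > self.shares.get(user, 0):
            raise ValueError("insufficient shares")
        self.shares[user] -= burned
        self.cash -= assets

    def redeemable(self, user: str) -> int:
        return self.shares.get(user, 0) * INDEX


def pool_drift(market: Market, cycles: int, amount: int = 11) -> int:
    """Run deposit / withdraw-everything cycles; return the change in pool cash."""
    start = market.cash
    for _ in range(cycles):
        market.deposit("u", amount)
        market.withdraw("u", market.redeemable("u"))
    return market.cash - start
```

A negative drift means the pool paid out more than it took in; an invariant test asserting that drift never goes below zero for any amount is the kind of check that catches this class of error before a new market goes live.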
$4.5M in ether was stolen
Radiant Capital lost a total of $4.5 million in ether as a result, data from Arbitrum block explorer Arbiscan shows, cited by Cointelegraph.
As soon as Radiant caught wind of the attack, it paused lending and borrowing markets on Arbitrum. No additional deposits are at risk, it reassured investors. The lending protocol promised a detailed analysis of the attack. It will restore customary operations after carrying out an investigation.
Radiant reminds users they cannot take any action until the protocol reactivates the markets on Arbitrum.
X is flooded with fake accounts
It’s hardly a surprise, but fake Radiant Capital accounts have flooded Crypto X since. The social medium is rife with phishing links claiming to help users get their money back.
Radiant Capital’s total value locked is around $315 million, current DeFiLlama data indicates. The decentralized protocol’s cross-chain functionality is built on LayerZero technology.