Key Takeaways
- The breach targeted a newly created market for USDC Coin on the Arbitrum network.
- Radiant Capital has confirmed the suspension of lending and borrowing markets on Arbitrum.
Radiant Capital, a decentralized finance (DeFi) platform, recently fell victim to a flash loan attack, resulting in a loss of 1,900 ETH, approximately $4.5 million. The exploit targeted a newly created market for USDC Coin (USDC) on the Arbitrum network, prompting Radiant Capital to temporarily suspend its lending and borrowing markets.
A flash loan attack is a type of exploit where a malicious actor takes advantage of the features of flash loans to manipulate markets or exploit vulnerabilities in smart contracts. Flash loans are a type of uncollateralized loan offered by some DeFi platforms that allows users to borrow assets without providing any collateral, as long as the borrowed amount is returned within the same transaction.
Blockchain security firm PeckShield Inc. identified the attack, leveraging a known rounding issue in the current Compound/Aave codebase. The vulnerability was exploited within six seconds of the activation of the new market, a common occurrence in similar lending market exploits.
Radiant Capital acknowledged the issue on social media, confirming the suspension of lending and borrowing markets on Arbitrum. The Radiant DAO Council initiated this move to conduct a thorough investigation, collaborating with its developers and the broader cybersecurity community to validate the reported exploit.
Beosin, another blockchain security firm, characterized the attack as a flash loan exploit. The assailant capitalized on a “rounding issue” in the codebase, leading to a cumulative precision error. This error allowed for repeated deposit() and withdraw() operations, ultimately enabling the attacker to profit.
Arbiscanner, an Arbitrum block explorer, confirmed the exploiter successfully withdrew $4.5 million in Ether from Radiant Capital. Despite the significant loss, Radiant Capital assured its investors that no additional funds were currently at risk. The platform committed to delivering a comprehensive postmortem on the incident and pledged to resume normal operations following the completion of the investigation.
This security incident follows a broader trend in DeFi-related attacks, further underscored by the breach experienced by Orbit Chain’s bridging service, Orbit Bridge, resulting in a total loss of $82 million on December 31.
As the cryptocurrency industry grapples with mounting security challenges, reports reveal cumulative losses of $1.5 billion from hacks and scams until September 2023.
