In the rapidly evolving blockchain space, Radiant Capital, a cross-chain lending protocol, has halted its lending and borrowing services on the popular Layer-2 network Arbitrum following a $4.5 million hack affecting one of its newly created USDC Coin services. The incident was reported on January 3rd and later confirmed by Radiant developers and the wider cybersecurity community.
Blockchain security firm Beosin identified the attack as a flash loan exploit caused by a cumulative rounding error in the codebase. The vulnerability was exploited through repeated deposit and withdrawal transactions, allowing the attacker to profit. PeckShield, another blockchain security company, had previously reported on January 2nd that the issue stemmed from a known rounding problem in the existing Compound/Aave codebase.
According to data from the Arbitrum block explorer Arbiscanner, the hacker successfully withdrew a total of $4.5 million in Ethereum from the protocol. In response, Radiant Capital has suspended its operations on Arbitrum, reassuring investors that no additional funds are currently at risk. The team has promised a detailed report following the completion of their investigation and has committed to resuming normal operations thereafter.
Following the incident, fake Radiant Capital accounts flooded social media platform X, posting phishing links that claimed to help users cancel their approvals. These fraudulent activities have raised concerns among the community and highlighted the need for increased vigilance.
Radiant Capital operates as a decentralized lending and borrowing protocol with cross-chain functionality built using LayerZero technology. According to blockchain data analytics platform DefiLlama, the protocol currently has a total locked value of approximately $315 million.
The hack on Radiant Capital underscores the ongoing security challenges in the DeFi space and the importance of robust security measures to protect against such exploits. The community awaits further details from the investigation to understand the full implications of the attack.