Bankless Times
Lending Protocol Suspends Arbitrum Markets After $4.5M USDC Exploit
HomeNewsLending Protocol Suspends Arbitrum Markets After $4.5M USDC Exploit

Lending Protocol Suspends Arbitrum Markets After $4.5M USDC Exploit

Blockchain
Daniela Kirova
Daniela Kirova
January 3rd, 2024
Why trust us
Advertiser Disclosure
  • The cyber attacker exploited a “rounding issue” in the codebase
  • He took advantage of a time window when a new lending market was activated
  • Fake Radiant Capital accounts have flooded Crypto X since

Radiant Capital, a cross-chain lending protocol, suspended lending and borrowing markets on Arbitrum after a flash loan attack on one of its new USDC Coin (USDC) markets, Cointelegraph reported.

Radiant posted on X that they had received a report of an issue with the newly launched native USDC market on Arbitrum. The attack was later confirmed by Radiant developers as well as the broader cybersecurity community. Hopefully, it won’t result in USDC instability.

Profit via repeated deposits and withdrawals

According to blockchain security firm Beosin, the cyber attacker exploited a “rounding issue” in the codebase, which resulted in a “cumulative precision error.” Ultimately, he was able to profit through repeat deposit and withdrawal operations, according to a post on X today.

Yesterday, blockchain sleuth PeckShield also identified the problem as having been caused by a rounding issue in the current Compound/Aave codebase.

According to PeckShield, the exploiter took advantage of a time window when a new market was activated in a lending market, which was a fork from Compound/Aave. The root cause was not new in itself.

$4.5M in ether was stolen

Radiant Capital lost a total of $4.5 million in ether as a result, data from Arbitrum block explorer Arbiscanner shows, cited by Cointelegraph.

As soon as Radiant caught wind of the attack, it paused lending and borrowing markets on Arbitrum. No additional deposits are at risk, it reassured investors. The lending protocol promised a detailed analysis of the attack. It will restore customary operations after carrying out an investigation.

Radiant reminds users they cannot take any action until the protocol reactivates the markets on Arbitrum.

X is flooded with fake accounts

It’s hardly a surprise, but fake Radiant Capital accounts have flooded Crypto X since. The social medium is rife with phishing links claiming to help users get their money back.

Radiant Capital’s total value locked is around $315 million, current DeFiLlama data indicates. The decentralized protocol’s cross-chain functionality is developed based on LayerZero technology.

Contributors

Daniela Kirova
Daniela Kirova
Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.