Radiant Capital Pauses Arbitrum Market After $4.5M Flash Loan Attack
Decentralized lender Radiant Capital became the latest DeFi protocol to fall victim to an exploit. The exploit resulted in a loss of 1,900 ETH worth approximately $4.5 million. The hack leveraged known issues in coding shared across major lending platforms.
The attack came just six seconds after Radiant enabled a new stablecoin lending market. Security firms quickly identified the vector:
Key Details:
- The attacker manipulated an index parameter because of a rounding precision error in Compound/Aave forks.
- This allowed for inflating the error through repeated deposits and withdrawals for profit.
- The flaw enabled sniping a new market activation before defenses were in place.
PeckShield described it as an exploit of “a time window when a new market is activated in a lending market.” Beosin Alert highlighted the “rounding issue” allowing manipulation.
Read more: Crypto Voters Emerge As 2024 Election Wild Card: Report
Radiant’s platform was built using the open-source code behind leading lending protocols Compound and Aave. This code is reused across dozens of “forked” DeFi projects. Thus, vulnerabilities in the shared foundations expose many systems built on top.
Scammers Seek to Capitalize on Radiant Capital Hack
Beosin notes that “the contract has a rounding issue in its calculations.” Such math precision bugs are epidemic in Ethereum smart contracts.
Radiant confirmed pausing activity on its Arbitrum deployment pending an investigation. The team vowed to release a detailed post-mortem once it was resolved.
Read more:Ā Crypto Wallet Founder Loses $125,000 StETH In Fake Airdrop Scam
Nonetheless, opportunistic scammers flooded social media with fake Radiant accounts offering to “help” victims. Additionally, these malicious links aim to trick liquidity providers into approving access to their remaining funds for drainage.
Hackers routinely capitalize on common pitfalls to siphon millions before fixes can be deployed. Users must remain vigilant against phishing attempts when chaos erupts to avoid further losses.
