Radiant Capital Pauses Arbitrum Market After $4.5M Flash Loan Attack

Published: Jan 3, 2024
Written By:
Vignesh Karunanidhi
Milk Road Writer

Decentralized lender Radiant Capital became the latest DeFi protocol to fall victim to an exploit. The exploit resulted in a loss of 1,900 ETH worth approximately $4.5 million. The hack leveraged known issues in coding shared across major lending platforms.

The attack came just six seconds after Radiant enabled a new stablecoin lending market. Security firms quickly identified the vector:

Key Details:

  • The attacker manipulated an index parameter because of a rounding precision error in Compound/Aave forks.
  • This allowed for inflating the error through repeated deposits and withdrawals for profit.
  • The flaw enabled sniping a new market activation before defenses were in place.

PeckShield described it as an exploit of “a time window when a new market is activated in a lending market.” Beosin Alert highlighted the “rounding issue” allowing manipulation.

Read more: Crypto Voters Emerge As 2024 Election Wild Card: Report

Radiant’s platform was built using the open-source code behind leading lending protocols Compound and Aave. This code is reused across dozens of “forked” DeFi projects. Thus, vulnerabilities in the shared foundations expose many systems built on top.

Scammers Seek to Capitalize on Radiant Capital Hack

Beosin notes that “the contract has a rounding issue in its calculations.” Such math precision bugs are epidemic in Ethereum smart contracts.

Radiant confirmed pausing activity on its Arbitrum deployment pending an investigation. The team vowed to release a detailed post-mortem once it was resolved.

Read more: Crypto Wallet Founder Loses $125,000 StETH In Fake Airdrop Scam

Nonetheless, opportunistic scammers flooded social media with fake Radiant accounts offering to “help” victims. Additionally, these malicious links aim to trick liquidity providers into approving access to their remaining funds for drainage.

Hackers routinely capitalize on common pitfalls to siphon millions before fixes can be deployed. Users must remain vigilant against phishing attempts when chaos erupts to avoid further losses.

Vignesh Karunanidhi

Vignesh has been a seasoned professional in the crypto space since 2017. He has been writing for over 6 years and specializes in writing and editing various types of crypto content, including news articles, long-form pieces, and blog posts, all focused on sharing the beauty of blockchain and crypto.

Vignesh Karunanidhi
Milk Road Writer
Vignesh has been a seasoned professional in the crypto space since 2017. He has been writing for over 6 years and specializes in writing and editing various types of crypto content, including news articles, long-form pieces, and blog posts, all focused on sharing the beauty of blockchain and crypto.