Hacker Exploits Radiant Capital for $4.5 Million Ethereum
Radiant Capital Protocol Hacked, Millions in Ethereum Stolen
Cross-chain lending protocol Radiant Capital has fallen victim to a flash loan attack, resulting in the theft of millions of dollars’ worth of Ethereum (ETH). On January 3, multiple blockchain security firms reported that the lending protocol had been targeted, with experts noting that the root cause of the attack is not new. PeckShield, a security firm, explained that the hacker took advantage of a time window when a new market was activated in a lending market, exploiting a known rounding issue in the codebase. As a result, the hacker was able to siphon off 1,900 Ethereum, equivalent to approximately $4.5 million. Radiant Capital has confirmed the attack and temporarily suspended its lending and borrowing markets on Arbitrum.
Experts Identify Root Cause of Radiant Capital Attack
According to reports from blockchain security firms PeckShield and Beosin, the root cause of the Radiant Capital attack lies in an exploit that manipulates the index parameter. By inflating this parameter, a cumulative precision error occurs, enabling the attacker to profit from repeated deposit() and withdraw() operations. PeckShield emphasized that this exploit is not new and relies on vulnerabilities in the codebase of popular lending platforms like Compound and Aave. Although the exact details of the attack have not been disclosed, experts believe that the hacker took advantage of these vulnerabilities to execute their plan.
Radiant Capital Suspends Lending Markets After Exploit
In response to the attack, Radiant Capital has temporarily suspended its lending and borrowing markets on Arbitrum. The protocol aims to protect its users from further exploitation while it investigates the incident. Radiant Capital has assured its users that no current funds are at risk. The protocol has not provided any further updates on the situation at this time. It is expected that a detailed postmortem report will be released once the issue is resolved.
How the Radiant Capital Hack Happened: Security Firm Reports
Blockchain security firms PeckShield and Beosin have shed light on the vulnerabilities exploited in the Radiant Capital attack. The attacker was able to exploit a time window when a new market was activated, taking advantage of a rounding issue in the codebase. By manipulating the index parameter and causing a cumulative precision error, the attacker repeatedly carried out deposit() and withdraw() operations to drain Ethereum from the protocol. This resulted in the theft of 1,900 Ethereum, amounting to around $4.5 million.
Radiant Capital Confirms Attack, Assures No Current Funds at Risk
Radiant Capital has confirmed the attack and issued an update stating that it had been alerted to an issue with the newly created native USDC market on Arbitrum. However, the protocol reassured its users that no current funds were at risk. Radiant Capital has stated that it will provide a detailed postmortem report once the issue is resolved but noted that no action can be taken until the markets are unpaused on Arbitrum. The protocol has not released any further updates at this time.
Disclaimer: This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.
Analyst comment
Negative news. The hacking of Radiant Capital resulting in the theft of millions of dollars’ worth of Ethereum is a significant security breach. The market is likely to experience a decline in confidence and trust, potentially leading to a short-term decrease in demand for lending platforms like Radiant Capital.
