In response to allegations of a $4.5 million attack affecting one of its newly created USDC Coin (USDC) markets, Radiant Capital has suspended its lending and borrowing markets on Arbitrum.
“Today, we received a report of an issue with the newly created native USDC market on Arbitrum,” Radiant stated in a post on X (formerly Twitter) dated January 3. As the post continued, Radiant developers and the broader cybersecurity community confirmed the report.
Beosin, a firm specializing in blockchain security, referred to the flaw as a “rounding error” in the codebase, “which resulted in a cumulative precision error,” thereby committing a flash loan attack.
This ultimately enabled the “assailant to generate profits via recurrent deposits and withdrawals,” the source wrote in a post on X on January 3.
PeckShield previously characterized the issue as the result of a “known rounding issue” in the existing Compound/Aave codebase in a January 2 post.
It further stated, “The underlying cause is not novel: It exploits a time window during which a lending market’s (a forked version of the popular Compound/Aave) market becomes active.”
Data from Arbitrum block explorer Arbiscanner indicates that the perpetrator successfully stole $4.5 million worth of Ether from the protocol.
Subsequently, Radiant has suspended lending and borrowing activities on Arbitrum, assuring investors that no further funds are available at this time at risk. It secured regular operations following the conclusion of the investigation and guaranteed a comprehensive postmortem.
Radiant added, “As a reminder until the markets resume trading on Arbitrum, no action can be taken.”
In the interim, fraudulent Radiant Capital accounts have already inundated Crypto X with deceptive links to assist users in rescinding approvals.
Radiant Capital is a decentralized lending and borrowing protocol that utilizes LayerZero technology to enable cross-chain functionality. According to DefiLlama, the protocol presently has an estimated $300,15,000,000 locked value.
