A major player in the crypto and decentralized finance (DeFi) area, Radiant Capital recently ran into problems with its freshly created native USDC market on the Arbitrum network.
PeckShield, a blockchain security and analytics company, reports that 1,900 ETH (around $4.5 million) worth of the cross-chain lending protocol Radiant Capital was compromised.
The Web 3 security community and developers that make up the Radiant DAO committee acted quickly in response to the reports, halting the loan market on Arbitrum for a short period of time.
Flash Loan Assault: Exploiting Lending Market
The underlying cause is not new: according to PeckShield, it essentially takes advantage of a window of opportunity that arises when a new market is opened in the lending industry.
Today’s hack on @RDNTCapital results in the loss of 1.9k eth (~$4.5m).
The root cause is not new: It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave). The exploitation also relies on a known rounding… https://t.co/XogWUVO3po pic.twitter.com/x5X9ql8AGA
— PeckShield Inc. (@peckshield) January 2, 2024
The digital security company clarified that the security breech, which appeared to be a flash loan assault, happened six seconds after the new crypto market was launched.
According to PeckShield, the exploit took advantage of a window in the lending market, similar to the workings of well-known websites like Compound and Aave.
A flash loan attack is a form of exploit in which a bad actor uses flash loan features to influence markets or exploit weaknesses in smart contracts.
As of today, the market cap of cryptocurrencies stood at $1.685 trillion. Chart: TradingView.com
Some DeFi platforms enable users to borrow assets without requiring collateral by offering flash loans, an uncollateralized loan type that only requires repayment of the borrowed amount in the same transaction.
Crypto Industry Faces $1.5 Billion Losses
Reports indicate that as of September 2023, the cryptocurrency industry have lost a total of $1.5 billion due to hacks and frauds, as security concerns continue to escalate.
Radiant Capital acknowledged the problem on X and stated that, while the matter is being looked into, the Radiant DAO Council has temporarily paused its lending and borrowing markets on Arbitrum, a Layer-2 scaling solution that Radiant Capital operates on. According to Radiant, no money is at risk at this time.
Today, we received a report of an issue with the newly created native USDC market on Arbitrum. After validation by Radiant developers and the wider Web 3 security community, the Radiant DAO Council paused lending/borrowing markets on Arbitrum temporarily while this is…
— Radiant Capital (@RDNTCapital) January 3, 2024
Once the matter is completely resolved, a thorough postmortem report will be made public, and Arbitrum will recommence its regular protocol operations following the conclusion of the investigation.
This security incident is part of a larger pattern of crypto attacks in the DeFi sector, which is further emphasized by the breach that occurred in Orbit Chain’s bridging service, Orbit Bridge, resulting in a significant loss of $82 million on December 31.
Featured image from iStock