Radiant Capital, a well-known cross-chain lending system, was recently the victim of a major security breach that resulted in the theft of 1,900 Ethereum (ETH) worth $4.5 million. PeckShield, a blockchain security and analytics firm, was the first to report the incident.
The attack took advantage of a flaw in the lending platform that emerged following the activation of a new market. It’s worth noting that the platform under consideration is a fork of two well-known systems, Compound and Aave.
The hacker took advantage of a well-known rounding flaw in the current Compound/Aave codebase. Surprisingly, the exploit was carried out just six seconds after the new USDC market was activated.
PeckShield recommends taking a precautionary approach by activating new markets with a Collateral Factor (CF) of 0% to reduce the risk of such exploits.
Radiant Capital responded quickly to the security incident by suspending both lending and borrowing markets on Arbitrum, where the native USDC market had recently been launched.
The Radiant DAO Council decided to conduct a thorough investigation, which included validation by Radiant developers and the broader Web 3 security community.
While the investigation is ongoing, Radiant Capital assured users that no existing funds are at risk. Arbitrum’s lending and borrowing markets have been temporarily suspended, and normal protocol activities are expected to resume once the investigation is completed.
The security breach at Radiant Capital highlights the cryptocurrency industry’s ongoing vulnerabilities and exploits. The community is awaiting a detailed post-mortem report on the incident’s aftermath as the investigation continues.