Cross-chain lending protocol Radiant Capital has become the latest DeFi protocol to fall victim to a hack after hackers stole 1900 ETH worth $4.5 million from the platform.
Radiant has announced the suspension of lending and borrowing markets on Arbitrum and has added that funds are not at risk.
Details Of The Hack
The attack on the protocol occurred seconds after Radiant enabled a new stablecoin lending market. Security firms quickly identified the exploit, stating that the attacker manipulated an index parameter due to a rounding precision error in Compound and Aave forks. This enabled the hacker to inflate the error through repeated deposits and withdrawals for profit. PeckShield described the attack as an exploit of the time window when a new market is activated in a lending market.
“The root cause is not new: It basically exploits a time window when a new market is activated in a lending market.”
Radiant Capital acknowledged the problem in a post on X and added that the Radiant DAO had temporarily suspended its lending and borrowing markets on Arbitrum. Arbitrum is a layer-2 scaling solution upon which Radiant Capital runs. Radiant also added that no funds were at risk. Radiant explained that the hack occurred due to a problem with the newly created native USDC market on Arbitrum. The protocol also stated that it would publish a full postmortem of the incident once the issue is resolved.
“Today, we received a report of an issue with the newly created native USDC market on Arbitrum. After validation by Radiant developers and the wider Web 3 security community, the Radiant DAO Council paused lending/borrowing markets on Arbitrum temporarily while this is investigated further. No current funds are at risk.”
Opportunistic Scammers Flood Market
As Radiant Capital grappled with the hack, several opportunistic scammers flooded social media with fake Radiant accounts, offering to “help” those impacted by the hack. The scammers intended to make users click on malicious links to trick them into approving access to their remaining funds. Once hackers had access to the funds, they would drain them as well.
Opportunistic hackers generally capitalize on common errors and shortfalls to siphon off millions before developers can deploy fixes. This is why users must always remain vigilant against hacking and phishing attempts.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.