Radiant Capital Attack Caused Approximately $4.5 Million In Losses

Key Points:

• Radiant Capital temporarily suspends its native USDC market on Arbitrum due to reported issues, pending investigation by the Radiant DAO committee.
• PeckShield monitoring reveals a $4.5 million loss as attackers exploit a time window and a known code issue in Compound/Aave during the Radiant Capital attack.

Radiant Capital, a prominent player in the decentralized finance (DeFi) space, recently encountered issues with its newly established native USDC market on the Arbitrum network.

Read more: Radiant Capital Review: Top 1 Lending Platform Of Arbitrum

Radiant Capital Attack Causes USDC Market on Arbitrum Temporarily Suspended

Following reports, the Radiant DAO committee, consisting of developers and the wider Web 3 security community, has taken swift action by temporarily suspending the lending market on Arbitrum. Although no funds are currently at risk, the committee has initiated a thorough investigation to identify and address the concerns.

PeckShield monitoring revealed that the Radiant Capital attack resulted in a loss of 1,900 ETH, equivalent to approximately $4.5 million. The exploit capitalized on a time window within the lending market, akin to mechanisms found in popular platforms like Compound and Aave. The vulnerability, rooted in a known rounding issue in the current Compound/Aave code base, allowed attackers to activate a new market just 6 seconds after its deployment.

In a noteworthy move, the Radiant Capital contract deployer left a message on the blockchain addressing the attacker. The message conveyed a willingness to establish contact and engage in discussions about the exploited vulnerability.

The deployer speculated that the Radiant Capital attack might have been carried out by a white hat or gray hat for various reasons, expressing a desire to collaborate for future steps. The communication channel was established at RadiantBugNegotiation@radiant.capital.