Cross-chain lending protocol Radiant Capital recently fell victim to a hack, resulting in the loss of 1,900 ETH, equivalent to around $4.5 million. The incident was discovered by blockchain security and analytics firm PeckShield Inc. Radiant Capital operates as a decentralized borrowing and lending protocol, utilizing cross-chain functionality built with LayerZero technology. Currently, the protocol has approximately $315 million in total value locked, according to DefiLlama.
The attack on Radiant Capital was carried out by an opportunistic hacker who took advantage of a small time window. Just six seconds after the activation of a new USDC market in the lending system, the hacker seized the opportunity to exploit a “rounding issue” in the codebase. This rounding issue led to cumulative precision errors, enabling the attacker to profit from repeated deposit and withdrawal operations. This information was shared by PeckShield Inc. in a post on X.
Radiant Capital swiftly responded to the incident, stating that the Radiant DAO Council has temporarily suspended lending and borrowing markets on Arbitrum. The protocol acknowledged that the issue stemmed from a problem with the newly created native USDC market on Arbitrum. However, Radiant Capital assured users that current funds were not at risk and expressed their commitment to publishing a postmortem report once the problem is resolved. The investigation is expected to determine the cause of the hack and enable operations to return to normalcy.
While addressing the aftermath of the security breach, Radiant Capital has encountered the challenge of fake accounts on X. These fraudulent accounts have been disseminating phishing links under the false pretense of assisting users in revoking approvals. This has further complicated the management of the situation and added to the difficulties faced by Radiant Capital in the wake of the hack.
The Radiant Capital incident is not an isolated case, as flash loan attacks continue to pose security challenges within the decentralized finance (DeFi) space. In October 2023, DeFi Protocol Platypus Finance suffered a flash loan attack resulting in a loss of over $2 million. The subsequent investigation revealed that two malicious entities stole wrapped AVAX (WAVAX) worth approximately $1.3 million and liquid-staked AVAX (sAVAX) valued at around $913,000. The AVAX-sAVAX liquidity pool was specifically targeted in this attack.
A History of Hacks in DeFi
The hack on Radiant Capital is another addition to the growing list of hacks within the DeFi ecosystem. In October 2023, an attacker utilizing a Miner Extractable Value (MEV) bot executed an arbitrage profit of $1.575 million on the BNB Chain. Prior to this, in June of the same year, Sturdy Finance, a decentralized finance protocol, experienced multiple hacks resulting in the loss of 442 ETH, equivalent to $800,000. These incidents serve as a reminder of the need for robust security measures and constant vigilance to protect users and funds within the DeFi space.
Overall, the hack on Radiant Capital underscores the ongoing threat of security breaches in decentralized finance. As the industry continues to grow and attract more attention and investment, it is crucial for protocols to prioritize security and implement measures that can effectively safeguard user funds. The DeFi community must remain vigilant and work together to address these challenges and protect the integrity of the ecosystem.