PeckShield Inc., a blockchain security and analytics company, said on X today that the cross-chain lending protocol Radiant Capital was compromised for 1,900 ETH ($4.5 million).
“The fundamental cause is not novel: It essentially takes advantage of a brief moment when a fresh market is initiated within a lending market,” stated PeckShield. The new USDC +0.10% market was activated for six seconds before the security breach happened, according to the digital security company.
Today’s hack on @RDNTCapital results in the loss of 1.9k eth (~$4.5m).
The root cause is not new: It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave). The exploitation also relies on a known rounding… https://t.co/XogWUVO3po pic.twitter.com/x5X9ql8AGA
— PeckShield Inc. (@peckshield) January 2, 2024
Additionally, Radiant Capital recognized the situation on X, stating that while the matter is being looked into, the Radiant DAO Council has temporarily paused its lending and borrowing markets on Arbitrum, a Layer-2 scaling solution that Radiant Capital operates on.
According to Radiant’s post, there was a “problem with the newly created native USDC market on Arbitrum” that led to the occurrence. It also mentioned that once the problem is fixed, it intends to release a postmortem.
Additionally, Radiant Capital guaranteed in the article that no present funds are in jeopardy and that business as usual will resume upon the conclusion of the investigation. The Block asked Radiant Capital to provide more information over Telegram, but they haven’t replied yet.