Radiant hacked for 4.5 million USD, suspends Arbitrum USDC lending market
The cybersecurity firm PeckShield pointed out that the Arbitrum-based major lending protocol Radiant Capital suffered a loss of approximately 1900 ETH, equivalent to about 4.5 million USD, due to a new lending market vulnerability. Radiant Capital responded that currently no funds are at risk.
Table of Contents
Security Company: Hacks Due to Common Reasons
The security company Peckshield stated that the recent hacks were all due to common reasons.
The hackers exploited a time window triggered by the launch of a new market in the lending market forked by Compound/Aave, and took advantage of a known rounding issue still present in the current Compound/Aave codebase.
They targeted the new USDC market and attacked it just 6 seconds after it was launched. https://arbiscan.io/address/0x826d5f4d8084980366f975e10db6c4cf1f9dde6d
Today's hack on @RDNTCapital results in the loss of 1.9k eth (~$4.5m).
The root cause is not new: It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave). The exploitation also relies on a known rounding… https://t.co/XogWUVO3po pic.twitter.com/x5X9ql8AGA
— PeckShield Inc. (@peckshield) January 2, 2024
Radiant Capital: Lending Market Suspended, No Other Fund Risks
Radiant Capital responded that there were issues with the newly created native USDC market on Arbitrum. After verification by Radiant developers and the broader Web 3 security community, the Radiant DAO Committee temporarily suspended the lending market on Arbitrum and is conducting further investigation. Currently, no funds are at risk.
Related
- US court dismisses ConsenSys' claim against SEC, agrees with SEC's reasons for the lawsuit
- BitGo's new stablecoin USDS is set to launch in 2025, sharing profits with liquidity providers.
- Aave Labs proposes integrating the tokenized fund BUIDL by BlackRock to enhance the efficiency of the GHO stability module.