Image of a report on a $4.5M flash loan attack on Arbitrum markets halted by Radiant Capital and the impact of web 3.0 blockchain projects on Artificial Intelligence.
Radiant Capital halts Arbitrum markets after reported $4.5M flash loan attack

Exploit Affects USDC Coin Market on Arbitrum

Radiant Capital, a cross-chain lending protocol, has temporarily paused its lending and borrowing activities on Arbitrum after reports of a $4.5 million exploit affecting one of its newly created USDC Coin (USDC) markets.

The exploit was confirmed by Radiant developers and the wider cybersecurity community, according to a Jan. 3 post on X by Radiant. Blockchain security firm Beosin identified the issue as a flash loan attack, which was made possible by a “rounding issue” in the codebase that caused a “cumulative precision error.” The attacker was able to profit from repeated deposit() and withdraw() operations, the firm wrote in a Jan. 3 post on X.

Exploiting a Known Rounding Issue

On Jan. 2, PeckShield identified a “known rounding issue” in the Compound/Aave codebase as the cause of the issue. According to the post, the root cause of the exploit is “not new” and involves a time window when a new market is activated in a lending market.

Arbiscanner data revealed that the exploiter had managed to siphon a total of $4.5 million in Ether (ETH) from the protocol. In response, Radiant paused lending and borrowing markets on Arbitrum, and stated that no additional funds were at risk. The company further promised a detailed postmortem and to restore normal operations once the investigation was completed.

Radiant Capital Protocol

Radiant Capital, a decentralized borrowing and lending protocol with cross-chain functionality built using LayerZero technology, reminded that no action can be taken until the markets are unpaused on Arbitrum. Data from DefiLlama shows that the protocol currently has around $315 million in total value locked.

Fake Accounts

Crypto X has been overwhelmed with fake Radiant Capital accounts posting phishing links that claim to help users revoke approvals. To prevent this, fake AI generators and other AI technology is being used to detect and stop these accounts.

Categorized in:

Tagged in: