Arbitrum markets suspended by Radiant Capital after suspected $4.5 million flash loan attack

Experts in blockchain security have identified a “known rounding issue” inside the software as the root source of the problem.

A technique for cross-chain lending Following claims of a $4.5 million exploit impacting one of its newly minted USDC Coin (USDC) exchanges, Radiant Capital has temporarily halted its lending and borrowing markets on Arbitrum.

In a post on X (previously Twitter) made by Radiant on January 3rd, the company said, “Today, we received a report of an issue with the newly created native USDC market on Arbitrum.” The post went on to say that developers from Radiant and the cybersecurity community subsequently confirmed the incident.

A flash loan attack was defined by blockchain security company Beosin as an instance where an attacker took advantage of a “rounding issue” in the coding, “which led to a cumulative precision error.”

“The attacker was able to profit through repeated deposit() and withdraw() operations” as a result, according to a post on X made on January 3rd.

A previous post by PeckShield on January 2nd also pointed to a “known rounding issue” in the present Compound/Aave codebase as the source of the problem.

“The culprit is nothing new: It essentially takes advantage of a window of opportunity when a lending market (a fork from the popular Compound/Aave) is activated,” it said.

Data from the Arbitrum block explorer Arbiscanner shows that the exploiter was able to steal $4.5 million worth of Ether from the protocol.

Since then, Radiant has given investors their money back by pausing the Arbitrum lending and borrowing markets. It assured customers of a thorough postmortem and said it would go back to business as usual when the probe was over. “Just a friendly reminder: the markets cannot be uncaused on Arbitrum until then,” Radiant said.

False Radiant Capital accounts have already saturated Crypto X with phishing links that claim to let users withdraw authorization.

A LayerZero-based decentralized lending and borrowing system also has cross-chain capability. The overall value of the protocol is presently locked at roughly $315 million, according to DefiLlama.

Also Read: SEC Could Postpone ETF Decision Due To Increasing Workload