Radiant Capital Reports Exploit of $4.5 Million Ethereum Loss

cryptonews.com:

Radiant Capital has confirmed a security breach in its network, leading to the theft of Ethereum valued at approximately $4.5 million.

According to the blockchain security company PeckShield Inc., the hacker drained 1,900 Ethereum tokens within six seconds after a new market was activated on the decentralized platform. To analyze what exactly happened during the exploitation, PeckShield published a post to explain.

“The root cause is not new: It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave),” wrote the post. “The exploitation also relies on a known rounding issue in current Compound/Aave codebase.”

“Specifically, today’s actor … sniped the new USDC market deployment and exploited it *6 seconds* after the activation,” wrote PeckShield.

Radiant Capital also confirmed the hack in their official post, confirming the details of the exploit. “Today, we received a report of an issue with the newly created native USDC market on Arbitrum,” said the company.

Today, we received a report of an issue with the newly created native USDC market on Arbitrum. After validation by Radiant developers and the wider Web 3 security community, the Radiant DAO Council paused lending/borrowing markets on Arbitrum temporarily while this is…

— Radiant Capital (@RDNTCapital) January 3, 2024

In the meantime, the Arbitrum markets have been temporarily closed. “After validation by Radiant developers and the wider Web 3 security community, the Radiant DAO Council paused lending/borrowing markets on Arbitrum temporarily while this is investigated further,” said Radiant Capital.

According to the platform, no funds are at risk. At the moment, “no action can be taken until the markets are