Radiant Capital, a player in the decentralized finance (DeFi) space, recently fell victim to a sophisticated flash loan attack that resulted in a significant loss of funds. The incident highlights persistent vulnerabilities in the DeFi ecosystem, especially around flash loans and codebase issues.
Exploiting codebase weaknesses
The attacker targeted Radiant Capital’s newly created USD Coin (USDC) market on Arbitrum, a popular Ethereum scaling solution. By manipulating a critical index parameter within the contract, the attacker was able to significantly increase this parameter, which was later used as a denominator in the protocol's calculations. This manipulation resulted in a cumulative precision error in the contract codebase.
Blockchain security firms Beosin and PeckShield highlighted that the root cause of this exploit is a known rounding issue in the current Compound/Aave codebase, which Radiant Capital has likely forked for its operations. This rounding problem provided a window of opportunity for the attacker, allowing them to profit through repeated deposit and withdrawal operations. As a result, the attacker was able to drain approximately $4.5 million in Ether (ETH) from the protocol.
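The effect of an inflated index in the denominator can be measured directly. The following is an added illustration, not code from Radiant Capital, Compound or Aave: it compares round-to-nearest share minting with round-down minting and reports how far the credited value can exceed the deposit. The fixed-point scale `RAY`, all function names and the index value of 1000 are assumptions constructed for the example.

```python
RAY = 10**27  # fixed-point scale assumed for the index (constructed for this example)

def div_half_up(amount: int, index: int) -> int:
    """amount / index in fixed point, rounded to nearest (ties up)."""
    return (amount * RAY + index // 2) // index

def div_down(amount: int, index: int) -> int:
    """amount / index in fixed point, always rounded toward zero."""
    return (amount * RAY) // index

def credited_value(amount: int, index: int, mint_div) -> int:
    """Underlying value of the shares minted for a deposit of `amount`."""
    shares = mint_div(amount, index)
    return shares * index // RAY

def worst_case_gain(index: int, mint_div) -> int:
    """Largest (credited - deposited) over deposits up to two shares' worth."""
    top = 2 * index // RAY
    return max(credited_value(a, index, mint_div) - a for a in range(1, top + 1))

def mint_checked(amount: int, index: int) -> int:
    """Hardened mint: round against the depositor and reject zero-share mints."""
    shares = div_down(amount, index)
    if shares == 0:
        raise ValueError("deposit too small for current index")
    return shares

if __name__ == "__main__":
    # Columns: index (in RAY units), gain with round-to-nearest, gain with round-down
    for idx in (RAY, 1000 * RAY):
        print(idx // RAY, worst_case_gain(idx, div_half_up), worst_case_gain(idx, div_down))
```

With the index at its initial value the rounding error is zero, but at an index of 1000 a single round-to-nearest mint can over-credit by half a share, which is 500 units of the underlying asset. Rounding in the protocol's favour removes the gain at any index.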
Radiant Capital’s response
Upon discovery of the exploit, Radiant Capital acted quickly, pausing its Arbitrum lending and borrowing markets. The move was aimed at preventing further exploitation and preserving the remaining funds within the protocol. The Radiant DAO Committee, comprising Web 3 security experts and developers, confirmed the issue and supported the decision to suspend operations.
Radiant Capital has assured its investors and users that no additional funds are currently at risk and has committed to conducting a detailed post-mortem of the incident. The protocol intends to restore normal operations once the investigation is complete and the necessary precautions are in place to prevent similar occurrences in the future.
About Radiant Capital
Radiant Capital is a decentralized lending and borrowing protocol that offers cross-chain functionality. It uses LayerZero technology to enable seamless interactions across different blockchain networks. According to recent reports, Radiant Capital has about $315 million in total value locked, reflecting its significant position in the DeFi market.
Implications and future perspectives
The Radiant Capital incident serves as a stark reminder of the challenges and risks inherent in the DeFi space, especially with regard to security vulnerabilities. It highlights the need for continuous vigilance and improvement of protocol security, especially in the emerging markets of the DeFi sector.
As the DeFi ecosystem continues to evolve and expand, incidents like these highlight the importance of sound security practices and the need for ongoing code audits and reviews. For Radiant Capital and similar protocols, the way forward involves not only recovering from immediate losses, but also strengthening their systems to promote greater trust and resilience in the face of evolving threats.