The cross-chain lending protocol Radiant Capital has recently fallen victim to a hack, resulting in the loss of 1,900 ETH, equivalent to approximately $4.5 million. This incident has raised concerns about the security and vulnerabilities of decentralized finance platforms, particularly in the face of flash loan attacks.
The Hack and Exploitation
According to the blockchain security and analytics firm PeckShield Inc., the hacker found a vulnerability in Radiant Capital’s codebase just six seconds after a new USDC market was activated in the lending system. Through exploiting a “rounding issue” in the code, the attacker was able to benefit from cumulative precision errors, enabling them to carry out repeated deposit and withdrawal operations for profit.
In response to the hack, Radiant Capital has temporarily suspended its lending and borrowing markets on Arbitrum. The Radiant DAO Council has taken this step as they resolve the issue with the newly created native USDC market. The protocol assures users that a postmortem report will be published once the problem is resolved, providing transparency and accountability. Despite the hack, current funds are not at risk, and once the investigation is concluded, operations are expected to return to normalcy.
Unfortunately, the aftermath of the security breach has been further complicated by the emergence of fake Radiant Capital accounts on X. These fraudulent accounts are disseminating phishing links under the pretense of aiding users in revoking approvals. This not only adds to the challenges faced by the protocol in managing the security breach but also puts users at risk of falling victim to additional cyberattacks.
Flash Loan Attacks and Other Incidents
The hack suffered by Radiant Capital is just one example of the ongoing security challenges faced by decentralized finance platforms. Flash loan attacks, in particular, continue to exploit vulnerabilities in various blockchain ecosystems. In October 2023, DeFi Protocol Platypus Finance experienced a flash loan attack, resulting in a loss of over $2 million. Similarly, Sturdy Finance faced multiple hacks earlier in the same year, resulting in the loss of $800,000 worth of ETH.
The recent hack on Radiant Capital highlights the urgent need for enhanced security measures within decentralized finance platforms. As flash loan attacks persist and hackers exploit vulnerabilities in protocol codebases, it is crucial for platforms to prioritize robust security practices and conduct thorough audits of their systems. This incident serves as a reminder that the success and widespread adoption of decentralized finance depend on building trust and confidence among users, investors, and the wider crypto community.