Cross-chain lending protocol Radiant Capital recently experienced a significant security breach, resulting in the loss of 1,900 ETH, equivalent to approximately $4.5 million. This incident sheds light on the vulnerabilities inherent in cross-chain lending systems and highlights the importance of robust security measures within the decentralized finance (DeFi) space.
According to blockchain security firm PeckShield Inc., the Radiant Capital hack occurred due to a hacker exploiting a time window just six seconds after the activation of a new USDC market in the lending system. The attacker took advantage of a “rounding issue” within the protocol’s codebase, leading to cumulative precision errors. By leveraging this loophole, the hacker engaged in repeated deposit and withdrawal operations, ultimately profiting from the system’s vulnerabilities.
Radiant Capital swiftly responded to the security breach by temporarily suspending lending and borrowing markets on Arbitrum, the network where the incident took place. The protocol’s Radiant DAO Council is actively investigating the issue, and it assures users that a postmortem report will be published once the problem is resolved. Despite the hack, the current funds of Radiant Capital users remain unaffected, and the protocol aims to resume normal operations after completing its investigation.
Unfortunately, as is common in such situations, fake Radiant Capital accounts have emerged, disseminating phishing links on X under the guise of assisting users in revoking approvals. These fraudulent accounts create additional challenges for the management of the aftermath of the security breach and highlight the importance of user awareness and caution when navigating the DeFi space.
The Radiant Capital hack is not an isolated incident within the DeFi ecosystem. Flash loan attacks, similar to the one experienced by Radiant Capital, continue to pose significant security challenges. Platypus Finance, another DeFi Protocol, suffered a flash loan attack resulting in a loss of more than $2 million. In a separate incident, an attacker utilizing a Miner Extractable Value (MEV) bot executed a substantial arbitrage profit of $1.575 million on the BNB Chain.
The Radiant Capital hack serves as a critical reminder of the vulnerabilities inherent in cross-chain lending protocols. As the decentralized finance space continues to grow, it becomes paramount for projects to prioritize robust security measures to safeguard user funds and ensure the long-term viability of the ecosystem. Additionally, users must stay vigilant, verify the authenticity of platforms and accounts, and exercise caution when engaging with DeFi protocols to protect themselves from potential scams and phishing attacks. Only through collective efforts can the DeFi space thrive and build trust among its users.