Radiant Capital Suffers $4.5 Million USD Attack

Lending project on Arbitrum, Radiant Capital, has been exploited by hackers, resulting in losses amounting to $4.5 million USD.

Radiant Capital Suffers $4.5 Million USD Attack. Photo: Radiant Capital

In an announcement posted on the morning of January 3rd, Radiant Capital (RDNT) stated it had received warnings about a vulnerability in its USDC lending operations on Arbitrum. After assessing the situation, the project decided to temporarily halt all lending/borrowing activities until the issue is resolved, while assuring users that their assets remain safe.

Blockchain security firm PeckShield confirmed that Radiant Capital was hacked, estimating losses of around 1,900 ETH, equivalent to $4.5 million USD.

The incident originated from a vulnerability during the creation of new loans on Radiant, which had previously been identified in Compound and Aave—two prominent lending protocols on Ethereum that Radiant's model emulates.

Today's hack on @RDNTCapital results in the loss of 1.9k eth (~$4.5m).

The root cause is not new: It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave). The exploitation also relies on a known rounding…

Radiant subsequently sent a message to the hacker, expressing a desire to negotiate for the return of the stolen funds.

The price of Radiant's RDNT token was minimally affected by the news of the attack.

1-hour chart of RDNT/USDT pair on Binance at 08:20 AM on 01/03/2024

The Total Value Locked (TVL) in the project remains stable around $315 million USD, showing continuous growth since mid-2023.

Fluctuation in Radiant Capital's TVL. Source: DefiLlama (01/03/2024)

This is the second hacking incident in 2024, following Orbit Chain's bridge incident on January 1st, which caused losses amounting to $81.5 million USD.