Radiant Capital has confirmed a security breach in its network, leading to the theft of Ethereum valued at approximately $4.5 million.
According to the blockchain security company PeckShield Inc., the hacker drained 1,900 Ethereum tokens within six seconds after a new market was activated on the decentralized platform. To analyze what exactly happened during the exploitation, PeckShield published a post to explain.
“The root cause is not new: It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave),” wrote the post. “The exploitation also relies on a known rounding issue in current Compound/Aave codebase.”
“Specifically, today’s actor … sniped the new USDC market deployment and exploited it *6 seconds* after the activation,” wrote PeckShield.
Radiant Capital Acknowledges Exploitation
Radiant Capital also confirmed the hack in their official post, confirming the details of the exploit. “Today, we received a report of an issue with the newly created native USDC market on Arbitrum,” said the company.
Today, we received a report of an issue with the newly created native USDC market on Arbitrum. After validation by Radiant developers and the wider Web 3 security community, the Radiant DAO Council paused lending/borrowing markets on Arbitrum temporarily while this is…
— Radiant Capital (@RDNTCapital) January 3, 2024
In the meantime, the Arbitrum markets have been temporarily closed. “After validation by Radiant developers and the wider Web 3 security community, the Radiant DAO Council paused lending/borrowing markets on Arbitrum temporarily while this is investigated further,” said Radiant Capital.
According to the platform, no funds are at risk. At the moment, “no action can be taken until the markets are unpaused on Arbitrum.”
Orbit Chain Hit by $82 Million Hack in Cross-Chain Bridge Exploit
Orbit Chain’s Orbit Bridge service has also experienced a significant security breach, resulting in an $82 million loss. The hack, which occurred just before New Year’s, prompted the suspension of the cross-chain bridge contract.
Initial reports of unusual activity on Orbit Chain Bridge came from a social media user on Dec. 31. The hackers carried out five transactions, transferring substantial amounts of USDT, USDC, Ethereum, WBTC, and DAI into new wallets, as detailed by Arkham Intelligence.
In response to the exploit, Orbit Chain suspended the bridge contract and began on-chain negotiations with the hackers. Investigations are ongoing to understand more about the breach and track the stolen assets.