{"id":3256,"date":"2024-01-09T09:27:01","date_gmt":"2024-01-09T09:27:01","guid":{"rendered":"https:\/\/cryptobulls.biz\/blog\/?p=3256"},"modified":"2024-01-09T09:28:41","modified_gmt":"2024-01-09T09:28:41","slug":"radiant-capitals-4-5m-flash-loan-exploit","status":"publish","type":"post","link":"https:\/\/cryptobulls.biz\/blog\/radiant-capitals-4-5m-flash-loan-exploit\/","title":{"rendered":"Radiant Capital&#8217;s $4.5M Flash Loan Exploit"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_56_1 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\"><p class=\"ez-toc-title\"><\/p>\n<\/div><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/cryptobulls.biz\/blog\/radiant-capitals-4-5m-flash-loan-exploit\/#Flash_Loan_Attack_on_Radiant_Capital\" title=\"Flash Loan Attack on Radiant Capital\">Flash Loan Attack on Radiant Capital<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/cryptobulls.biz\/blog\/radiant-capitals-4-5m-flash-loan-exploit\/#Radiant_Capitals_Response\" title=\"Radiant Capital&#8217;s Response\">Radiant Capital&#8217;s Response<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/cryptobulls.biz\/blog\/radiant-capitals-4-5m-flash-loan-exploit\/#Takeaway_for_DeFi\" title=\"Takeaway for DeFi\">Takeaway for DeFi<\/a><\/li><\/ul><\/nav><\/div>\n\n<p class=\"wp-block-paragraph\">Radiant Capital, a <a href=\"https:\/\/cryptobulls.biz\/blog\/cross-chain-swaps-how-to-trade-crypto-across-different-blockchain-networks\/\">cross-chain<\/a> lending protocol, recently encountered a flash loan exploit that led to the unethical withdrawal of $4.5 million (2337 ETH) from its recently launched USDC Coin (USDC) markets on the Arbitrum network. This is a noteworthy development in the decentralized finance (DeFi) space. This blog discusses the technical aspects of the attack, its details, and its consequences for Radiant Capital as well as the larger DeFi community.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cryptobulls.biz\/blog\/wp-content\/themes\/groovy\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/lh7-us.googleusercontent.com\/V0y50-Ow3NstRWPfdULWNvGj6lPYxYiATSjqzQlOl3UkYeWBoDy9msR19-wkD_4Sczb5M_suEYhEVc5J3q-e1EKSHPhslW7K3XFUttscojHwzeSYadnJlKwvIDj7TlGbWCsYa6pZq5LuqQSQj-K9s5o\" alt=\"\"\/><\/figure>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Flash_Loan_Attack_on_Radiant_Capital\"><\/span>Flash Loan Attack on Radiant Capital<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">Working with cybersecurity specialists, Radiant Capital&#8217;s tech team determined that the security breach was caused by a flash loan attack. The exploit took advantage of a minute rounding error in the protocol&#8217;s code, which resulted in an unexpected precision error. By manipulating an index parameter, the attacker was able to cause inflation and errors when performing deposit and withdrawal operations. This vulnerability gave the attacker a small but profitable window of opportunity to make a sizable profit.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cryptobulls.biz\/blog\/wp-content\/themes\/groovy\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/lh7-us.googleusercontent.com\/x1lgex_vFX6W5suwx8yOUvtpO80LevZ8DlKV8k5tGjpitH43hUkikAOqyRyV5PYwmM_H4QPOLofVFKypqIqne1iuB1qL4eU1RN4VUSxYufkAYHs5rwJ0mS-ZJkIsSRgA6cdAR5BK8fH1mG28ggPxopA\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">PeckShield analysts discovered a link between this exploit and a weakness in the Compound\/Aave codebase. Remarkably, within six seconds of its launch, the <a href=\"https:\/\/cryptobulls.biz\/blog\/usdt-vs-usdc-vs-busd-what-are-the-similarities-and-differences\/\">USDC<\/a> market was targeted. This highlights the need for caution when entering new markets, and the event serves as a sobering reminder of the difficulties and dangers that DeFi platforms must overcome.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cryptobulls.biz\/blog\/wp-content\/themes\/groovy\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/lh7-us.googleusercontent.com\/N06ruCpVibY2_ylP26OZZSjXgTIGDlHLhTA9z9X8dDlQonparfFSRhQFj0ytrGq5GKJyPOeKqCDinHhFbku8N0aPiKSU41nguu2s3TS7-SSQTuD0UHbG1_iszgaG34D1WmCpfK2ErpkLFFh-vQ8d0f4\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/twitter.com\/peckshield\/status\/1742334242120466580?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1742334242120466580%7Ctwgr%5Eb0a0ac68bf923cf1df69bab0b5613b390cc56d3b%7Ctwcon%5Es1_&amp;ref_url=https%3A%2F%2Fcoinpedia.org%2Fnews%2Fradiant-capital-suspends-operations-on-arbitrum-following-4-5-million-exploit%2F\" target=\"_blank\" rel=\"noopener\"><em>Source: X<\/em><\/a><\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Radiant_Capitals_Response\"><\/span>Radiant Capital&#8217;s Response<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">Radiant Capital immediately responded to the attack by placing a temporary freeze on its lending and borrowing markets on <a href=\"https:\/\/cryptobulls.biz\/blog\/arbitrum-dao-approves-staking-proposal-arb-token-price-surges\/\">Arbitrum<\/a>. Users were reassured by the platform that no more money had been stolen, and a thorough investigation was in progress. Protocol intends to return to regular operations after the investigation is finished and more security measures are put in place.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The attack on Radiant Capital via flash loans brings to light the difficulties DeFi platforms have in maintaining security. Strong processes are required by cryptocurrency miners and validators, particularly those who get block rewards greater than $10,000, in order to correctly identify and report transactions. In the same way, participants in decentralized exchanges need to be cautious because some lending protocols have vulnerabilities in their codebase.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Takeaway_for_DeFi\"><\/span>Takeaway for DeFi<span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\">The DeFi community should take a hard lesson from this incident, which highlights the necessity of tighter security controls, thorough code audits, and ongoing smart contract monitoring. Security lapses present serious risks as the cryptocurrency industry expands, so DeFi platforms need to give top priority to building strong defenses against advanced attacks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Finally, the flash loan exploit by Radiant Capital highlights how security issues in the DeFi ecosystem are constantly changing. The crypto community as a whole needs to remain alert and give top priority to putting best practices into action in order to reduce the risks associated with flash loan attacks and other vulnerabilities in the quickly changing DeFi landscape, even as the platform attempts to address the incident and strengthen security measures.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Radiant Capital, a cross-chain lending protocol, recently encountered a flash loan exploit that led to the unethical withdrawal of $4.5 million (2337 ETH) from its&#8230;<\/p>\n","protected":false},"author":1,"featured_media":3259,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":""},"categories":[3],"tags":[],"class_list":["post-3256","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/posts\/3256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/comments?post=3256"}],"version-history":[{"count":1,"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/posts\/3256\/revisions"}],"predecessor-version":[{"id":3257,"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/posts\/3256\/revisions\/3257"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/media\/3259"}],"wp:attachment":[{"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/media?parent=3256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/categories?post=3256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptobulls.biz\/blog\/wp-json\/wp\/v2\/tags?post=3256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}