Radiant Capital, a cross-chain lending protocol, has suspended its lending and borrowing marketplaces on Arbitrum after suffering an attack in which a hacker stole $4.5 million.
As reported by the platform:
"Today, we received a report of an issue with the newly created native USDC market on Arbitrum."
According to Blockchain cybersecurity firm Beosin, the hacker has carried out a flash lending attack in which the attacker has exploited a "rounding issue" in the codebase, "which led to a cumulative precision error."
This has allowed the "attacker to profit through repeated deposit and withdraw operations."
PeckShield wrote:
"The root cause is not new: It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave)."