Cross-chain lending protocol Radiant Capital has suffered a hack resulting in the loss of 1,900 ETH, equivalent to approximately $4.5 million, according to blockchain security and analytics firm PeckShield Inc.

Radiant Capital operates as a decentralized borrowing and lending protocol featuring cross-chain functionality built using LayerZero technology. As of the latest data from DefiLlama, the protocol has around $315 million in total value locked.

Radiant Capital Investigates Flash Loan Attack

PeckShield explained the Radiant Capital incident as the hacker exploiting a time window just six seconds after the activation of a new USDC market in the lending system.

The attacker capitalized on a “rounding issue” in the codebase, leading to cumulative precision errors. This loophole allowed them to profit through repeated deposit and withdrawal operations, as stated in a post on X.

Today’s hack on @RDNTCapital results in the loss of 1.9k eth (~$4.5m).

The root cause is not new: It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave). The exploitation also relies on a known rounding… https://t.co/XogWUVO3po pic.twitter.com/x5X9ql8AGA

— PeckShield Inc. (@peckshield) January 2, 2024

Radiant Capital, addressing the issue on X, mentioned that the Radiant DAO Council has temporarily suspended lending and borrowing markets on Arbitrum.

The protocol has acknowledged that the incident is a result of an “issue with the newly created native USDC market on Arbitrum.” It assures users that a postmortem report will be published once the problem is resolved.

Today, we received a report of an issue with the