Radiant Capital’s multi-chain lending agreement has launched a native USDC market on Arbitrum, but appears to have a vulnerability. An attacker exploited this vulnerability to transfer approximately 1900 ETH from rETH, totaling around $4.4 million. The team has urgently closed the lending market on Arbitrum to prevent further losses.
According to Pie Shield, the attacker exploited a known vulnerability, taking advantage of a time window when a new market is activated in the lending market (a fork project of Compound/Aave). Additionally, Pie Shield added that setting the Collateral Factor (CF) to 0 when creating a new market can effectively prevent this issue.
After the incident, the deployer of the Radiant Capital contract left a message for the exploiters via on-chain messages:
Due to the small scale of the attack, the price of the RDNT token has not been severely affected. However, users should not take this lightly and should be cautious of false information on community platforms. Many fake accounts are spreading false information and luring users to click phishing links under the guise of “revoking authorization.” Please be vigilant.