Decentralized lending platform Radiant Capital has reopened its lending and borrowing markets on Arbitrum following a comprehensive security review conducted after a $4.5 million exploit earlier this month.
The Security Breach
On December 15, Radiant Capital announced that a security breach had resulted in the loss of $4.5 million worth of Ethereum. Independent security researchers from OpenZeppelin, along with white hats and the Radiant DAO Council, conducted an audit of the incident.
According to PeckShield Inc., 1,900 Ethereum tokens were stolen from Radiant Capital’s network within six seconds of activating the new USDC market due to an exploit. The exploit took advantage of a brief time window upon market activation and a known rounding issue in Compound and Aave’s codebase.
After the security review confirmed that operations could safely resume, Radiant Capital reopened its markets on Arbitrum.< Radiant Capital has added new security measures to prevent future attacks, focusing on enhanced security protocols.
USDC markets will be reintroduced after further reviews due to their increased complexity. To resolve issues from the pause, Radiant Capital will create a Snapshot proposal for the DAO to vote on how to repay excess debt and recapitalize the Arbitrum WETH market.
Liquidation bonuses have been set at 1 bps initially to give users time to improve their health scores before returning to standard levels within 24 hours. Radiant Capital expressed gratitude to security researchers at Hypernative Labs and the white hat community for their quick response.
According to Chaos Labs’ analysis, the total collateral at risk of liquidation was under $100,000, and the impact could be minimized with the 1 bps bonus. Radiant Capital acknowledged the hack and temporarily shut down its Arbitrum markets before resuming operations.