Radiant Capital has announced the reopening of its lending and borrowing markets on Arbitrum after conducting an extensive security review.
The decision to resume operations follows a detailed review and resolution of a security breach that resulted in a substantial loss of $4.5 million worth of Ethereum. The review involved collaboration with OpenZeppelin, independent Ethereum researchers, and white hat hackers.
After this thorough analysis, the Radiant DAO Council decided to unpause market operations. The company has also implemented additional safeguards to prevent similar incidents in the future, with a specific focus on enhancing security protocols.
Security Analysis and Resolution
Radiant Capital has announced that users are now free to use all available lending and borrowing markets on Arbitrum. The company mentioned that native USDC would be brought live in the coming days after additional reviews to ensure its safety.
To address potential financial discrepancies resulting from the pause, Radiant Capital disclosed plans for a Snapshot proposal. According to the announcement, “A Snapshot proposal for the DAO regarding the methodology to repay the excess debt and fully recapitalize the Arbitrum WETH market will go up for a vote shortly.”
The post also mentioned that the liquidation bonus would initially be set to 1 basis point (bps), the lowest level possible. This is to allow users a grace period to improve health scores before gradually returning to normal levels over the next 24 hours.
Radiant Capital, based on an analysis by Chaos Labs, has stated that the total collateral at risk of liquidation is less than $100,000. The impact of this amount can be minimized by the 1 basis point (bps) liquidation bonus, as mentioned in the announcement. This measure is designed to provide a grace period for users to improve health scores before gradually returning to normal levels over the next 24 hours.
Radiant Capital Hacked with $4.5 Million Ethereum Loss
The blockchain security firm PeckShield Inc. disclosed that a hacker exploited a time window during the deployment of a new USDC market on Radiant Capital’s network. Within six seconds, the hacker drained 1,900 Ethereum tokens. The attack was conducted on a lending market, which is a fork from popular platforms like Compound and Aave. PeckShield identified the root cause as the exploitation of the time window during the activation of a new market, coupled with a known rounding issue in the current Compound/Aave codebase.
Radiant Capital acknowledged the hack in their official post and temporarily closed the Arbitrum markets in response to the security breach.