A native USDC market launched on Arbitrum by Radiant Capital, a multi-chain lending agreement, appears to have a vulnerability. Attackers exploited this vulnerability to transfer approximately 1900 ETH, worth about $4.4 million, from rETH. The team has urgently closed the lending market on Arbitrum to prevent further losses.
According to PeckShield, the attackers took advantage of a known vulnerability. There is a time window when a new market is activated on the lending market (a fork of Compound/Aave), during which hackers can launch attacks. Additionally, PeckShield added that setting the Collateral Factor (CF) to 0 when creating a new market can effectively avoid this issue.
After the incident, the contract deployers of Radiant Capital sent messages to the exploiters through on-chain messages:
[Image]
[Image]
Due to the limited scale of the attack, the price of the RDNT token has not been severely affected. However, users should not take this lightly and should be cautious of false information on community platforms. Many fake accounts are spreading false news and enticing users to click phishing links under the guise of “revoking authorization.” Please be vigilant.
[Image]
[Image]
