- Radiant Capital suffered a $4.5 million flash loan exploit that drained funds from the protocol due to a bug that allowed repeated deposits and withdrawals for profit
- Radiant is repaying the debt using existing funds from the Radiant DAO Treasury and monthly protocol revenue, with 73% of users approving the plan
- Radiant made an initial repayment of $2.6 million and plans to pay off the remaining $1.6 million debt over the next 90 days using reserves and revenue
Radiant Capital, a cross-chain lending protocol, is in the process of repaying debt after a flash loan exploit drained $4.5 million from the protocol earlier this month. The exploit took advantage of a bug in Radiant’s codebase, allowing the attacker to profit through repeated deposit and withdrawal operations. Here’s an overview of what happened and how Radiant is recovering.
On January 2nd, Radiant’s USD Coin lending pool on the Arbitrum network was exploited for $4.5 million after the attacker discovered a rounding issue in the Radiant codebase. This led to a cumulative precision error that enabled the attacker to drain the equivalent of 13% of Radiant’s total value locked.
The Root Cause
According to blockchain analytics firm Beosin, the root cause of the exploit is not new. It basically takes advantage of a time window when a new market is activated in a lending market forked from popular protocols like Compound and Aave.
The Recovery Plan
In the aftermath, Radiant passed proposal RFP-27 to repay the bad debt using existing funds from the Radiant DAO Treasury and operating expenditures. Nearly three-quarters (73%) of users voted for this plan.
At the time, the Radiant DAO Treasury had a balance of $5.2 million while protocol revenue amounted to approximately $500,000 per month.
On January 23rd, Radiant announced an initial debt repayment of 1,190 Ether ($2.6 million) with approximately 720 ETH ($1.6 million) of bad debt remaining.
The remaining bad debt will be paid off over the next 90 days through operating expenditures, with the ability to leverage DAO reserve funds if liquidity becomes available sooner.
While the exploit was certainly a setback, Radiant appears to be on track to fully reimburse the lost funds within a reasonable timeframe. The protocol has reiterated its commitment to user safety and unrestricted access to deposits. It’s an encouraging sign of resilience for the young platform.