Radiant Capital, the cross-chain lending blockchain, has commenced the repayment of its debt following a flash loan vulnerability that resulted in a loss of $4.5 million from the protocol's funds earlier this month. The announcement on January 23 revealed that Radiant successfully made a down payment of 1,190 Ethereum ($2.6 million), leaving approximately 720 ETH ($1.6 million) in remaining bad debts. Radiant staff explained that the outstanding debt would be repaid over the next 90 days using OpEX funds specified in RFP-27 or DAO reserve funds if liquidity becomes available sooner.
The reimbursement aligns with the RFP-27 proposal adopted on January 8, where 73% of users voted to utilize existing funds and operating expenses from the Radiant DAO Treasury to settle bad debts. At the time of adoption, the Radiant DAO Treasury had a balance of $5.2 million, with protocol revenue standing at around $500,000 per month. Developers emphasized the need for the protocol's recapitalization and full repayment of bad debts to ensure security and guarantee unrestricted access to deposits for all users.
The exploit on January 2 involved attackers exploiting a $4.5 million loan pool denominated in USD Coin on the Arbitrum network. The attackers took advantage of a rounding issue in the Radiant codebase, resulting in cumulative precision errors. This vulnerability allowed them to profit from repeated deposit and withdrawal operations. Beosin, a blockchain analytics firm, indicated that the root cause is not new and exploits the time window for new market activation in the lending market, resembling a fork from popular platforms like Compound and Aave. The incident consumed approximately 1.3% of Radiant's total value locked when it occurred.
