Radiant Capital announced it will wind down operations after failing to recover from a roughly $50 million exploit and secure new funding to continue running the protocol. The DAO said continued remediation efforts, attempts to raise capital, and community support were not enough to restore a sustainable path forward.
Key points
– Radiant will enter a maintenance state: the frontend and smart contracts remain online so users can withdraw funds, repay loans, and manage positions; active development and upgrades will stop.
– The October 2024 exploit — later linked to North Korea-aligned actors — drained the protocol and left it underfunded; recovery efforts have been limited, in part because portions of the stolen funds were routed through Tornado Cash.
– The DAO will keep its remediation portal open and said any assets recovered in the future will be returned to affected users.
Background
Launched in 2022 as a cross-chain lending protocol, Radiant grew quickly and reported a peak total value locked (TVL) of about $386.8 million in December 2023. After the October 2024 breach, TVL plunged to roughly $75 million and then to about $5 million within weeks.
Attack details and attribution
Radiant’s post-mortem found the attack began when a malicious ZIP file—allegedly distributed by an attacker posing as a former contractor via Telegram—was shared with developers. That malware provided an entry point leading to a compromise of the protocol’s multisig controls. Cybersecurity firm Mandiant later linked the incident to the AppleJeus group, which it associates with North Korea’s cyber operations. According to the investigation, attackers gained control of three of the protocol’s eleven multisig signer permissions and replaced the lending pool implementation contract, enabling the theft of approximately $53 million from the Arbitrum and BNB Chain deployments.
Recovery attempts and laundering complications
Radiant and outside investigators pursued recovery of stolen assets, but progress was limited. Blockchain security firm CertiK reported that wallets tied to the attacker moved 2,834 ETH into the Tornado Cash mixer after swaps and address hops, an amount CertiK estimated at about $10.8 million. Those mixing steps have complicated tracing and recovery.
Consequences and next steps
With depleted funds and no new investment forthcoming, Radiant’s DAO decided to stop active development and scale back operations. The protocol will remain available in read/write maintenance mode so users can exit positions and withdraw funds. DAO contributors will step away from day-to-day operations, though the remediation portal will remain open and any future recoveries will be distributed to affected users.
Broader impact
The Radiant breach and its ties to nation-state–linked actors underscore the persistent risks DeFi projects face from sophisticated, financially motivated threat groups. The same attackers were later implicated in other high-profile incidents, and the market reacted negatively to the winding-down announcement: Radiant’s RDNT token dropped about 4.2% on the news.
Radiant’s closure marks the end of a rapid rise-and-fall for a once-prominent cross-chain lender and highlights ongoing challenges in asset recovery, multisig security, and defending open finance against advanced threat actors.