Radiant Capital, once one of the largest cross-chain lending platforms in decentralized finance (DeFi), has announced plans to wind down operations after failing to recover from a devastating exploit that drained more than $50 million from the protocol in October 2024.
In a recent community update, Radiant’s decentralized autonomous organization (DAO) said it could no longer identify a viable path forward after months of attempts to recover stolen assets, attract new funding, and restore user activity. The decision comes roughly 18 months after the attack that fundamentally altered the protocol’s trajectory.
From DeFi Growth to Rapid Decline
Launched in 2022, Radiant Capital aimed to unify liquidity across multiple blockchains, allowing users to borrow and lend assets across networks through a single platform. The protocol gained significant traction during 2023 and became one of the leading lending projects in the DeFi sector.
At its peak, Radiant’s total value locked (TVL) reached approximately $386.8 million in December 2023, according to protocol data. However, that momentum came to a halt following a major security breach in October 2024.
The exploit resulted in the loss of more than $50 million worth of crypto assets from Radiant’s deployments on Arbitrum and BNB Chain. User confidence quickly deteriorated, liquidity exited the protocol, and TVL fell sharply in the months that followed.
Despite efforts to stabilize operations and rebuild trust, the platform was unable to regain its previous position in the market.
Protocol Data (Source: DefilLama)
DAO Concludes Recovery Is No Longer Sustainable
According to Radiant’s latest statement, contributors explored multiple recovery strategies, including asset recovery efforts, funding discussions with potential backers, and broader initiatives aimed at restarting protocol growth.
Those efforts ultimately failed to generate the resources necessary for long-term sustainability.
The DAO stated that without meaningful recovery of stolen funds, fresh investment, or a return in protocol activity, continuing to operate as a full-scale DeFi lending platform was no longer realistic. As a result, governance participants voted to begin a gradual wind-down process.
Protocol Will Remain Online
Radiant emphasized that the protocol is not shutting down immediately. Instead, it will enter what the team describes as a maintenance mode.
Under this structure, users will continue to have access to core protocol functions, including:
- Withdrawing deposited assets
- Repaying loans
- Managing existing positions
- Closing open borrowing positions
The frontend interface and smart contracts will remain operational, allowing users time to safely exit the protocol if they choose. However, development work, new feature releases, ecosystem expansions, and chain integrations will cease.
The DAO also announced plans to gradually reduce borrowing caps across all lending markets to zero, effectively preventing new lending activity while preserving existing user access.
In addition, RDNT token incentives for lenders and borrowers will be discontinued as treasury resources are redirected toward maintaining infrastructure and supporting remaining recovery efforts.
Radiant Capital to Wind Down Operations
North Korea-Linked Attack Became a Turning Point
Investigations into the October 2024 exploit linked the attack to sophisticated cybercriminals associated with North Korea.
Radiant previously disclosed that attackers gained access through malware distributed via Telegram. According to the project, a malicious ZIP file was shared with contributors while posing as a legitimate request for feedback, ultimately compromising key systems involved in protocol governance.
A subsequent investigation by cybersecurity firm Mandiant attributed the attack to the AppleJeus campaign, a North Korea-linked operation known for targeting cryptocurrency organizations through social engineering tactics.
Mandiant reported that the attackers gained control of multiple multisig signer permissions and deployed a malicious contract upgrade, enabling them to steal approximately $53 million from Radiant’s lending pools.
The incident highlighted a growing trend in crypto-related cybercrime, where attackers increasingly rely on long-term trust-building and targeted malware campaigns rather than traditional smart contract vulnerabilities alone.
North Korea-Linked Attack Became a Turning Point
Recovery Efforts Continue
Although Radiant is ending active development, the DAO said recovery initiatives connected to the exploit will remain in place.
The protocol’s remediation portal will stay open, and any assets recovered in the future will be distributed to affected users.
However, recovery efforts have faced significant challenges. Blockchain security firm CertiK previously reported that wallets associated with the attackers moved portions of the stolen funds through Tornado Cash, making them substantially more difficult to trace and recover.
A Difficult Ending for a Once-Leading Protocol
Radiant Capital’s wind-down underscores the lasting impact that major security breaches can have on DeFi projects. Once a fast-growing protocol with hundreds of millions of dollars in user assets, Radiant ultimately proved unable to overcome the financial and reputational damage caused by the 2024 exploit.
As the platform transitions into maintenance mode, it joins a growing list of crypto projects whose futures were permanently altered by large-scale cyberattacks, serving as another reminder that security remains one of the industry’s most critical challenges.
