Radiant Capital has announced plans to wind down operations after failing to recover from a $50 million exploit that devastated the lending protocol and left it without sufficient funding to continue.
Summary
- Radiant Capital said it will wind down operations after failing to recover from a $50 million exploit and secure new funding.
- The protocol will remain online in a maintenance state, allowing users to withdraw funds and manage positions while development work ends.
- Investigations linked the 2024 attack to North Korea-aligned threat actors, while recovery efforts were hindered after portions of the stolen funds moved through Tornado Cash.
According to a statement published Monday by Radiant’s decentralized autonomous organization, the protocol could no longer identify a viable route forward after unsuccessful attempts to recover stolen assets, raise fresh capital, and maintain the resources needed to operate responsibly.
In a separate update shared on X, the DAO said contributors and community members had continued supporting the platform under increasingly challenging circumstances. The organization stated that without recovered funds, new investment, or renewed growth, the protocol could not remain sustainable.
The decision closes a difficult chapter for a project that once ranked among the largest cross-chain lending platforms.
Launched in 2022, Radiant sought to unify liquidity across multiple blockchains and grew rapidly during 2023. Data from the protocol shows its total value locked reached $386.8 million in December 2023.
Fortunes changed sharply after an October 2024 exploit that security researchers and later investigations linked to North Korean threat actors. Following the breach, Radiant’s total value locked fell to roughly $75 million and dropped to about $5 million within weeks, according to protocol data.
Recovery efforts failed to restore the protocol
While operations are being scaled back, Radiant said the protocol will not disappear entirely. Instead, it will move into what it described as a maintenance state.
Under that arrangement, the frontend will remain online, smart contracts will stay accessible, and users will still be able to withdraw assets, repay loans, and manage existing positions. Development work, protocol upgrades, and expansion efforts, however, will cease as DAO contributors step away from active operations.
Radiant also urged users to manage their exposure carefully while the protocol enters its final phase.
Remaining recovery initiatives connected to the hack will continue. The DAO said its remediation portal will stay open and any assets recovered in the future will be returned to affected users.
Previous recovery efforts have produced limited results. In October 2025, blockchain security firm CertiK reported that wallets linked to the attacker deposited 2,834 ETH into Tornado Cash after moving funds through multiple addresses and swaps involving DAI.
CertiK estimated that approximately $10.8 million worth of Ethereum had already been laundered through the mixer, complicating efforts to trace and recover the stolen assets.
North Korea-linked attack became a turning point
Radiant said in December 2024 that an attacker posing as a former contractor distributed malware through Telegram. According to the protocol, a malicious ZIP file circulated among developers for feedback, creating an entry point that ultimately led to the compromise.
A post-mortem investigation from cybersecurity firm Mandiant later linked the incident to the AppleJeus hacking group, which it identified as part of North Korea’s cyber ecosystem.
According to Mandiant, the attackers gained control of three of Radiant’s eleven multisig signer permissions and replaced the lending pool’s implementation contract, allowing them to steal approximately $53 million from the Arbitrum and BNB Chain deployments.
The tactics used in the attack later surfaced in other major crypto incidents. In April 2026, Drift Protocol said it had medium-high confidence that the same actors behind the Radiant breach were responsible for a separate exploit against its platform. Drift’s investigation concluded that the group spent months building trust with contributors through conference meetings and professional contacts before deploying malicious tools and links.
Market reaction to Radiant’s closure announcement remained negative. The protocol’s RDNT token fell 4.2% after the news.
