Friday, 19 Jun, 2026

The Fall of Radiant Capital: A $50 Million Security Breach and the Death of a DeFi Pioneer

9 mins read0Decentralized Finance (DeFi), , , , , , , , , , , ,

The decentralized finance (DeFi) ecosystem has long been characterized by a high-stakes tug-of-war between innovation and exploitation. On Monday, this struggle claimed one of its most prominent victims. Radiant Capital (RDNT), once a cornerstone of the cross-chain lending landscape, officially announced the cessation of its operations. The decision comes nearly a year after a catastrophic security breach in October 2024, during which sophisticated cybercriminals siphoned $50 million from the protocol.

The shutdown marks the final chapter for a project that sought to unify liquidity across multiple blockchain networks. However, the technical sophistication of the attack, combined with the hacker’s ability to successfully launder and profit from the stolen assets, created an insurmountable hurdle for the protocol’s recovery.

Main Facts: The Anatomy of a Protocol’s Collapse

Radiant Capital’s demise is rooted in a highly coordinated "malware injection" attack that targeted the very core of its governance and operational structure. Unlike many DeFi hacks that exploit bugs in smart contract code, the Radiant breach was a masterclass in social engineering and hardware compromise.

In October 2024, attackers managed to compromise the hardware wallets of several key developers. By injecting malware into the front-end interface of the Safe Wallet (formerly known as Gnosis Safe), the attackers were able to deceive the developers during a routine administrative task. While the developers believed they were signing a standard multi-signature transaction for "emissions adjustments"—a process used to calibrate token rewards based on market conditions—the malware was executing "poisoned transactions" in the background.

This subtle manipulation allowed the hackers to drain approximately $50 million in various crypto assets across the protocol’s supported chains, including Arbitrum and Binance Smart Chain (BSC). Following the breach, the protocol struggled to maintain user confidence and liquidity, leading to the eventual decision to sunset the platform in August 2025.

Chronology: From Exploitation to Exit

The timeline of Radiant Capital’s downfall illustrates the "slow-motion car crash" often seen in the aftermath of major DeFi exploits.

October 2024: The Fatal Blow

During a periodic multi-signature emissions adjustment, the Radiant development team accessed their Safe Wallet interfaces. Unbeknownst to them, their local environments had been compromised by advanced malware. The front-end displayed legitimate data, but the transaction payloads being sent to the hardware wallets for signing were malicious. Once the threshold of signatures was met, the protocol’s reserves were drained.

Late 2024 – Early 2025: The Recovery Attempt

Immediately following the hack, Radiant paused its lending markets and initiated an emergency response. The team partnered with web3 security firm zeroShadow and contacted U.S. law enforcement agencies. Efforts were made to blacklist the attacker’s addresses and freeze assets on centralized exchanges. However, the decentralized nature of the stolen assets made comprehensive recovery nearly impossible.

August 2025: The Hacker’s Windfall

While the Radiant team fought to keep the protocol afloat, the attacker remained patient. On-chain data tracked by the analytics firm Lookonchain revealed that the hacker eventually converted the stolen loot into 21,957 Ethereum (ETH). In August 2025, as the crypto market saw a significant rally, the hacker began offloading the ETH at an average price of $4,562 per coin. This strategic exit resulted in a staggering 93.5% profit on the original stolen value.

August 2025: The Final Shutdown

With the hacker successfully liquidating the funds and the RDNT token price collapsing to $0.022—a fraction of its former value—the Radiant Capital DAO and core team determined that the protocol was no longer viable. The announcement of the shutdown was made on Monday, signaling the end of the cross-chain lending experiment.

Supporting Data: The Mechanics of the Breach

The technical details provided in Radiant’s post-mortem reveal a terrifying evolution in cyberattacks against decentralized protocols.

The Safe Wallet Compromise

The use of Safe Wallet is considered a gold standard for DeFi security, as it requires multiple parties to approve a transaction. The Radiant attackers bypassed this by targeting the "human-to-machine" interface. By compromising the developers’ local machines, they manipulated the Document Object Model (DOM) of the wallet’s web interface.

The developers saw "Transaction: Adjust Emissions" on their screens, but the hardware wallets received "Transaction: Transfer All Funds." Because hardware wallets often display complex hex data that is difficult for humans to parse quickly, the developers relied on the (compromised) web interface for verification.

Financial Impact and Tokenomics

The financial repercussions were devastating. At its peak, Radiant Capital held hundreds of millions in Total Value Locked (TVL). Following the October 2024 hack:

  • Total Stolen: ~$50 million.
  • Token Devaluation: The RDNT token, which served as the utility and governance asset, plummeted. By August 2025, it reached a low of $0.022.
  • Hacker’s Profitability: By holding the stolen funds in ETH during a market upswing, the attacker turned a $50 million theft into a nearly $100 million liquidation event.

Official Responses and Security Post-Mortem

Radiant Capital’s official communications throughout the crisis were marked by transparency, yet they highlighted the limitations of current DeFi security frameworks.

In their final post-mortem, the team stated:

"The devices were compromised in such a way that the front-end of Safe Wallet displayed legitimate transaction data while poisoned transactions were signed and executed in the background. This breach occurred during a routine multi-signature emissions adjustment process, which takes place periodically to adapt to market conditions and utilization rates."

The security firm zeroShadow worked extensively to track the movement of funds through mixers and cross-chain bridges. While they were able to provide "actionable intelligence" to law enforcement, the "permisionless" nature of Ethereum meant that once the hacker moved funds into private wallets or decentralized liquidity pools, the trail grew cold for traditional freezing mechanisms.

U.S. law enforcement involvement was confirmed, though no arrests have been announced. The incident has been added to a growing list of DeFi exploits being investigated by the FBI’s Virtual Assets Unit, focusing on the sophisticated malware strains used to target crypto developers.

Implications: Lessons for the Future of DeFi

The closure of Radiant Capital serves as a sobering reminder of the vulnerabilities inherent in decentralized systems. Several key implications emerge from this event:

1. The Vulnerability of "Admin Keys"

Even with multi-signature security, the human element remains a single point of failure. If the tools used to interact with the blockchain are compromised, the underlying security of the smart contract becomes irrelevant. This event will likely push the industry toward "Blind Signing" protections and more robust hardware wallet interfaces that can decode transaction data into human-readable formats more effectively.

2. The Persistence of the "DeFi Death Spiral"

When a lending protocol loses a significant portion of its reserves, it enters a death spiral. Lenders withdraw their remaining capital out of fear, liquidity dries up, and the native token loses its utility. Radiant’s inability to recover despite nearly a year of effort suggests that for many DeFi projects, a major hack is a terminal event regardless of the team’s talent or intentions.

3. The Hacker’s Market Advantage

The Radiant hack highlights a disturbing trend: hackers are becoming "long-term investors." By stealing assets and converting them to blue-chip cryptocurrencies like ETH, attackers can wait for market cycles to amplify their gains. The 93.5% profit realized by the Radiant hacker demonstrates that the rewards for successful exploits are growing, further incentivizing sophisticated cyber-criminal groups.

4. Regulatory Pressure on Cross-Chain Protocols

Radiant operated across multiple chains using LayerZero technology. Regulators are increasingly looking at these "interoperability layers" as potential weak points for money laundering. The Radiant shutdown may accelerate calls for stricter KYC/AML requirements for developers and "guardians" of cross-chain bridges and lending markets.

Conclusion

The dissolution of Radiant Capital is a landmark event in the 2024-2025 crypto cycle. It illustrates that in the world of decentralized finance, code is not the only law—operational security is equally paramount. As the RDNT token fades into the annals of crypto history, the industry is left to grapple with a difficult reality: as long as humans are required to sign transactions, the "poisoned transaction" remains a threat that no amount of decentralization can fully solve.

For the investors and users who lost funds, the Radiant saga is a painful lesson in the risks of the "frontier" of finance. For the broader industry, it is a clarion call to evolve beyond current multi-sig standards and develop more resilient interfaces for the next generation of decentralized applications.

Related Posts