Sunday, 21 Jun, 2026

The Final Curtain: Radiant Capital Announces Shutdown Following Catastrophic $50 Million Exploit

9 mins read0Decentralized Finance (DeFi), , , , , , , , , , , , , ,

Radiant Capital (RDNT), once a prominent fixture in the decentralized finance (DeFi) lending landscape, has officially announced its permanent shutdown. The decision comes nearly two years after a sophisticated $50 million cyberattack crippled the protocol’s liquidity and shattered investor confidence. The closure marks a somber milestone in the DeFi sector, highlighting the persistent vulnerabilities of cross-chain protocols and the devastating long-term consequences of high-profile security breaches.

The protocol, which gained popularity for its cross-chain lending capabilities across multiple blockchain networks, was never able to fully recover from the "highly advanced" malware injection that occurred in October 2024. Despite intensive efforts by the development team, security consultants, and law enforcement agencies, the protocol’s path to sustainability became untenable as the hacker successfully liquidated the stolen assets for a massive profit in mid-2025.

Anatomy of a $50 Million Exploit: The October 2024 Breach

The downfall of Radiant Capital can be traced back to a singular, meticulously planned security breach on October 16, 2024. Unlike many DeFi hacks that exploit bugs in smart contract code, the Radiant breach was a sophisticated operational security (OpSec) failure involving a "highly advanced malware injection."

According to the protocol’s internal post-mortem, the attackers targeted the hardware wallets of multiple core developers. The breach occurred during a routine multi-signature (multi-sig) emissions adjustment process—a standard administrative task meant to adapt the protocol’s interest rates and rewards to current market conditions.

The technical execution of the hack was particularly alarming for the broader crypto industry. The malware compromised the developers’ local environments in such a way that the front-end interface of Safe Wallet (formerly known as Gnosis Safe) displayed legitimate, expected transaction data. However, in the background, the malware intercepted the transaction request and substituted it with "poisoned" transactions. When the developers signed the transactions on their hardware wallets, they were unknowingly authorizing the drainage of the protocol’s pools rather than adjusting emission rates.

This "man-in-the-middle" style attack on the administrative layer bypassed the traditional security benefits of hardware wallets and multi-sig configurations, as the signers believed they were verifying legitimate data.

Chronology: From Breach to Liquidation

The timeline of Radiant Capital’s demise illustrates the slow, painful erosion of a DeFi project following a major exploit.

October 2024: The Initial Shock

Immediately following the $50 million drain, Radiant Capital suspended its lending markets across Arbitrum, Binance Smart Chain (BSC), and Ethereum. The team engaged zeroShadow, a prominent Web3 security firm, and contacted U.S. law enforcement to track the movement of the stolen funds. At the time, the team expressed cautious optimism about recovering the assets or reaching a "white-hat" agreement with the attacker.

Late 2024 – Early 2025: The Struggle for Rebirth

Radiant attempted to restart its operations by implementing stricter security protocols and seeking new capital injections. However, the Total Value Locked (TVL), which had once peaked in the hundreds of millions, plummeted as users withdrew their remaining assets, fearing further vulnerabilities. The RDNT token, the protocol’s native utility asset, began a long-term downward trend as the "risk premium" associated with the platform became too high for institutional and retail lenders alike.

August 2025: The Hacker’s Exit

The final blow to any hopes of recovery came in August 2025. On-chain data tracked by the analytics firm Lookonchain revealed that the attacker, who had converted the original $50 million into approximately 21,957 Ethereum (ETH) shortly after the hack, began a massive sell-off.

The hacker offloaded the ETH at an average price of $4,562 per coin. Due to the appreciation of Ethereum’s price over the intervening months, the attacker recorded a staggering 93.5% profit on the original "loot." This successful liquidation signaled to the market that the stolen funds were likely gone forever, removing any remaining leverage the Radiant team had in potential negotiations or recovery efforts.

August 2025: The Shutdown Announcement

On Monday, Radiant Capital’s core team announced the cessation of all operations. With the native RDNT token trading at a mere $0.022—a fraction of its former value—and the treasury unable to compensate victims or fund further development, the protocol reached its inevitable conclusion.

Supporting Data: The Financial Impact

The scale of the loss and the subsequent market reaction are reflected in the stark on-chain data:

  • Total Stolen Value: ~$50 million (October 2024 valuation).
  • Asset Conversion: 21,957 ETH.
  • Liquidation Price: ~$4,562 per ETH (August 2025).
  • Hacker Profit Margin: 93.5% increase in value from the time of the theft to the time of sale.
  • RDNT Token Performance: The token hit a terminal low of $0.022 at the time of the shutdown announcement, representing a near-total loss of value for long-term holders.
  • TVL Erosion: Radiant’s Total Value Locked dropped from a high-growth trajectory to negligible levels as liquidity providers migrated to competitors like Aave and Compound.

Official Responses and Security Forensics

In their final communication to the community, the Radiant Capital team highlighted the unprecedented nature of the attack. Their post-mortem served as a warning to other decentralized autonomous organizations (DAOs).

"The devices were compromised in such a way that the front-end of Safe Wallet displayed legitimate transaction data while poisoned transactions were signed and executed in the background," the team stated. "This breach occurred during a routine multi-signature emissions adjustment process, which takes place periodically to adapt to market conditions and utilization rates."

Security firm zeroShadow, which worked closely with Radiant, noted that the malware used was likely a bespoke strain designed specifically to target Web3 developers. The firm’s analysis suggested that the attackers had likely maintained persistence in the developers’ systems for weeks or even months prior to the October 2024 strike, waiting for a high-value multi-sig event to occur.

Despite the involvement of U.S. law enforcement, the decentralized and pseudonymous nature of the Ethereum network allowed the hacker to obfuscate their tracks through various mixers and decentralized exchanges before the final August 2025 liquidation.

Broader Implications for the DeFi Industry

The shutdown of Radiant Capital sends shockwaves through the DeFi ecosystem, offering several critical lessons for developers, investors, and regulators.

1. The Myth of Multi-Sig Invincibility

For years, multi-sig wallets were considered the gold standard for protocol treasury and administrative security. The Radiant hack proves that multi-sig is only as secure as the interface used to interact with it. If the UI (User Interface) is compromised, the human signers are effectively flying blind. This event is expected to push the industry toward "What You See Is What You Sign" (WYSIWYS) standards and more robust verification of raw transaction data.

2. The Perils of Cross-Chain Complexity

Radiant’s model relied on LayerZero technology to facilitate cross-chain lending. While innovative, the complexity of managing liquidity across multiple chains increases the "attack surface." The more moving parts a protocol has—and the more administrative actions required to maintain those parts—the more opportunities exist for a catastrophic failure.

3. The "Zombie Protocol" Phenomenon

Radiant’s nearly year-long struggle between the hack and the shutdown illustrates the "Zombie Protocol" phenomenon. Often, a project will attempt to soldier on after a major exploit, but the loss of trust creates a feedback loop of declining liquidity and falling token prices that is almost impossible to reverse. Radiant’s experience suggests that unless a protocol can facilitate an immediate and full recovery of funds, a graceful wind-down may be more beneficial for the community than a prolonged struggle.

4. Regulatory Scrutiny

The involvement of U.S. law enforcement in a DeFi hack of this scale highlights the increasing intersection between decentralized protocols and traditional state authorities. As hackers become more adept at extracting and laundering tens of millions of dollars, the pressure for "Know Your Customer" (KYC) requirements at the protocol level or for developers may intensify, despite the ethos of decentralization.

Conclusion: A Warning for the DeFi Future

The story of Radiant Capital is a cautionary tale of how a single, highly sophisticated attack can dismantle years of development and community building. While the DeFi space continues to innovate, the Radiant exploit serves as a reminder that the greatest risks are often not in the code itself, but in the human and operational interfaces that manage that code.

As the RDNT token fades into obsolescence and the protocol’s front-end is taken offline, the industry is left to reflect on the vulnerability of administrative layers. For investors, the takeaway is clear: in the world of decentralized finance, security is not a static state but a constant, evolving battle. Radiant Capital’s $50 million lesson is one that the ecosystem will likely be studying for years to come.

Disclaimer: This report is based on available on-chain data and official statements from Radiant Capital. Cryptocurrency investments carry high risk. The collapse of Radiant Capital underscores the potential for total loss of capital in DeFi protocols.

Related Posts