Tuesday, 07 Jul, 2026

The Fall of Radiant Capital: A $50 Million Security Breach Forces Final Shutdown

In a move that signals the end of one of the most prominent cross-chain lending protocols in the decentralized finance (DeFi) sector, Radiant Capital (RDNT) has officially announced the cessation of its operations. The decision, made public on Monday, comes nearly two years after a catastrophic security breach in October 2024 that saw attackers drain approximately $50 million from the platform. Despite exhaustive efforts to recover funds, collaborate with law enforcement, and rebuild user trust, the protocol’s leadership determined that the path to sustainability had been irrevocably severed by the long-term consequences of the exploit.

The shutdown marks a somber chapter for the DeFi community, highlighting the persistent vulnerabilities in cross-chain infrastructure and the sophisticated nature of modern cyberattacks targeting hardware wallet interfaces and multi-signature (multi-sig) governance processes.

Main Facts: The Anatomy of a Protocol’s Collapse

Radiant Capital was designed as an omnichain money market, allowing users to deposit collateral on one blockchain and borrow against it on another. Leveraging LayerZero’s technology, it aimed to unify liquidity across disparate ecosystems like Arbitrum, Binance Smart Chain (BSC), and Ethereum. At its peak, Radiant was considered a cornerstone of the Arbitrum ecosystem, attracting hundreds of millions of dollars in Total Value Locked (TVL).

However, the protocol’s trajectory was permanently altered in October 2024. The breach was not a simple smart contract bug but a "highly advanced malware injection" that targeted the human element of the protocol’s security—the developers themselves. By compromising the local environments of several core contributors, the attackers were able to manipulate the data displayed on hardware wallets during a routine administrative task.

The financial fallout was immediate, but the "death blow" was delivered in August 2025, when on-chain data revealed the attacker had successfully laundered and sold the stolen assets for a massive profit. With the native RDNT token plummeting to a fraction of its former value and the protocol’s treasury unable to cover the deficit, the decision to wind down operations became inevitable.

Chronology of the Crisis: From Exploit to Exit

The timeline of Radiant Capital’s downfall is a study in how a single afternoon of compromised security can undo years of development.

October 2024: The Initial Breach

During a scheduled multi-signature emissions adjustment—a routine process used to calibrate token rewards based on market utilization—three of the protocol’s signers fell victim to a sophisticated malware attack. While the signers believed they were approving standard administrative transactions, the malware intercepted the data. The front-end of their Safe Wallet (formerly Gnosis Safe) displayed the expected transaction details, but the signature generated was actually for a malicious contract interaction. This allowed the attacker to seize control of the protocol’s lending pools and drain $50 million in various assets.

Late 2024 – Early 2025: The Recovery Effort

In the immediate aftermath, Radiant Capital paused its markets and engaged zeroShadow, a prominent Web3 security firm, alongside US law enforcement agencies. The protocol attempted to negotiate a "white hat" bounty with the hacker, offering a percentage of the funds in exchange for the return of the rest. These overtures were ignored. Throughout early 2025, the team focused on "Radiant V3," an attempt to reboot the protocol with enhanced security measures and a plan to compensate victims through future protocol revenue.

August 2025: The Hacker’s Liquidation

The hope for a recovery was shattered in August 2025. On-chain analytics firm Lookonchain reported that the exploiter, who had been quietly holding the stolen loot in various intermediary wallets, began a massive liquidation process. The hacker converted the stolen assets into 21,957 Ethereum (ETH). Leveraging a surge in the crypto market, the attacker sold the ETH at an average price of $4,562 per coin. This maneuver resulted in a staggering 93.5% profit on the original stolen amount, effectively moving the funds beyond the reach of any "freeze" orders or recovery efforts.

Monday, August 2025: The Shutdown Announcement

Following the hacker’s successful exit and the continued stagnation of the RDNT token price, the Radiant team announced the official shutdown. The announcement cited the impossibility of maintaining the protocol’s security budget and the lack of a viable path to making affected users whole.

Supporting Data: The Financial Toll

The scale of the Radiant Capital failure is best understood through the numbers that defined its final months.

  • Total Loss: $50,000,000 at the time of the exploit.
  • Hacker’s Profit Realization: By waiting for market appreciation, the attacker turned the $50 million exploit into a haul worth significantly more in ETH-denominated terms, eventually cashing out for nearly $100 million in USD value.
  • Token Devaluation: The native RDNT token, which once traded at highs above $0.40 during the 2023-2024 period, crashed to $0.022 by the time of the shutdown announcement.
  • Liquidity Drain: Following the October 2024 hack, the TVL on Radiant dropped by over 70% within 48 hours as users rushed to withdraw remaining funds, a blow from which the protocol never recovered.

The analytics provided by Lookonchain were instrumental in confirming that the funds were gone. The hacker’s ability to sit on the assets for nearly a year before selling suggests a high level of sophistication and a lack of fear regarding law enforcement intervention in certain jurisdictions.

Official Responses and Technical Post-Mortem

In their final post-mortem, the Radiant Capital team provided a chilling look at the technical nature of the attack. They clarified that the breach did not occur because of a flaw in the blockchain itself, but rather a "man-in-the-middle" style attack on the developers’ hardware.

"The devices were compromised in such a way that the front-end of Safe Wallet displayed legitimate transaction data while poisoned transactions were signed and executed in the background," the team stated. "This breach occurred during a routine multi-signature emissions adjustment process, which takes place periodically to adapt to market conditions and utilization rates."

The security firm zeroShadow noted that this type of "blind signing" exploit is becoming increasingly common. Attackers use malware to intercept the communication between the browser and the hardware wallet. Even though the user checks the screen on their computer, the hardware wallet receives a different set of instructions.

US law enforcement agencies, including the FBI’s virtual asset units, were reportedly involved in the investigation. While they were able to blacklist certain addresses associated with the hacker on centralized exchanges, the use of decentralized mixers and cross-chain bridges allowed the attacker to obfuscate the trail sufficiently to exit into fiat or stablecoins.

Implications for the DeFi Ecosystem

The shutdown of Radiant Capital carries heavy implications for the future of decentralized finance, specifically regarding security and the "trustless" nature of these platforms.

1. The Myth of Hardware Wallet Invincibility

For years, the gold standard for crypto security has been the use of hardware wallets (like Ledger or Trezor) combined with multi-signature schemes. The Radiant hack proves that these are not silver bullets. If the interface used to interact with these devices is compromised, the "physical" confirmation by the user becomes a confirmation of a lie. This event is likely to trigger a shift toward "transaction simulation" tools that verify what a transaction will do on the blockchain before it is signed.

2. The Fragility of Cross-Chain Liquidity

Radiant’s model relied on the seamless movement of assets across chains. When one part of the bridge or the protocol’s governance is compromised, the contagion spreads across all supported networks. The shutdown will likely lead to a period of consolidation where users favor simpler, single-chain protocols over complex omnichain architectures.

3. Regulatory Pressure

The failure of a major protocol like Radiant, especially one that resulted in significant losses for retail investors, provides ammunition for regulators seeking to impose stricter oversight on DeFi. The "routine" nature of the task that led to the hack—emissions adjustment—highlights the risks inherent in the manual management of decentralized protocols.

4. The Long Shadow of the "Exploiter"

The fact that the hacker was able to wait nearly a year and exit with a 93% profit sends a dangerous signal to the cybercriminal underworld. It suggests that despite the "transparency" of the blockchain, the current tools available to law enforcement are often insufficient to stop a determined and patient actor from cashing out.

As Radiant Capital begins the process of sunsetting its smart contracts and advising users on how to withdraw any remaining dust from its pools, the DeFi community is left to reflect on a hard-learned lesson: in the world of decentralized finance, code is law, but the human interface remains its weakest link. The $50 million loss is not just a figure on a balance sheet; it is a permanent scar on the landscape of cross-chain innovation.