Tuesday, 14 Jul, 2026

The Fall of Radiant Capital: From DeFi Innovation to a $50 Million Fatal Breach

The decentralized finance (DeFi) ecosystem has long been characterized by its "move fast and break things" ethos, but for Radiant Capital (RDNT), the breakage proved terminal. On Monday, the cross-chain lending protocol officially announced the cessation of its operations, marking the end of a nearly year-long struggle to survive following one of the most sophisticated cyberattacks in the history of the sector.

The closure comes nearly two years after the protocol’s inception and ten months after a devastating security breach in October 2024 that saw $50 million drained from its coffers. Despite desperate attempts to recover the stolen assets and restore user confidence, the protocol’s leadership ultimately determined that the path to solvency was no longer viable.

Main Facts: The Final Curtain for a Cross-Chain Giant

Radiant Capital was designed as an "omnichannel" money market, leveraging LayerZero technology to allow users to deposit collateral on one chain and borrow against it on another. At its peak, it was considered a cornerstone of the Arbitrum and Binance Smart Chain (BSC) ecosystems, boasting hundreds of millions of dollars in Total Value Locked (locked liquidity).

However, the protocol’s trajectory was permanently altered on a fateful day in October 2024. A highly coordinated malware injection targeted the hardware wallets of several core developers, bypassing the security measures that many in the industry considered "gold standard." The attackers managed to manipulate the front-end interface of Safe Wallet (formerly Gnosis Safe), leading the developers to unwittingly sign off on malicious transactions.

By August 2025, the financial reality became inescapable. With the native RDNT token plummeting to a fraction of its former value—trading at approximately $0.022—and the hacker successfully laundering and selling the stolen assets for a massive profit, Radiant Capital’s governance and development teams announced the permanent shutdown of the platform.

Chronology: A Timeline of Decline

To understand the magnitude of Radiant’s collapse, one must look at the sequence of events that led from a routine administrative task to a total protocol failure.

The October 2024 Breach

The nightmare began during a routine multi-signature ("multi-sig") emissions adjustment process. These adjustments are standard in DeFi, used to recalibrate the distribution of rewards to liquidity providers based on current market conditions and platform utilization rates.

During this process, several developers used their hardware wallets to interface with Safe Wallet. Unbeknownst to them, their local devices had been compromised by an advanced malware strain. While the developers’ screens showed legitimate transaction data, the malware injected "poisoned" transaction scripts in the background. When the developers pressed "confirm" on their physical devices, they were actually authorizing the transfer of protocol control and funds to the attacker.

The Immediate Aftermath (Late 2024)

Once the $50 million drain was discovered, Radiant Capital immediately paused its markets. The team engaged zeroShadow, a prominent Web3 security firm, and established contact with U.S. law enforcement agencies. For several months, there was a glimmer of hope that the assets could be frozen at centralized exchanges or that a "white hat" bounty could be negotiated with the hacker.

The Stagnation Period (Early to Mid-2025)

Throughout the first half of 2025, Radiant attempted to rebuild. They released a detailed post-mortem and implemented more rigorous security protocols for multi-sig signers. However, the damage to the protocol’s reputation was severe. Liquidity providers, fearing further exploits or the inability of the protocol to cover its bad debt, began a steady exodus. The TVL, which once reached into the nine-figure range, withered away.

August 2025: The Coup de Grâce

The final blow came not from a new hack, but from the realization that the original thief had won. In August 2025, on-chain analytics firm Lookonchain reported that the hacker had completed the conversion of the stolen loot into Ethereum (ETH). As the market surged, the hacker began offloading approximately 21,957 ETH at an average price of $4,562 per coin. This liquidation netted the attacker a staggering 93.5% profit on the original stolen value, signaling to the community that the funds were gone forever.

Supporting Data: The Cost of the Attack

The financial metrics surrounding the Radiant Capital collapse paint a grim picture of the efficiency with which modern cybercriminals operate.

  • Total Loss: $50 million USD (at the time of the hack).
  • Asset Conversion: The hacker consolidated various tokens into 21,957 ETH.
  • The "Profit" Realized: By holding the stolen assets through a market recovery, the hacker sold at $4,562 per ETH in August 2025.
  • Token Devaluation: The RDNT token, which served as the utility and governance backbone of the protocol, crashed to $0.022. This represented a near-total loss of value for long-term holders and investors who had stayed with the project through the crisis.
  • Success Rate of Recovery: Despite the involvement of zeroShadow and law enforcement, the recovery rate for the $50 million in assets was negligible. The "poisoned transaction" method allowed the hacker to move funds through various mixers and cross-chain bridges before they could be effectively blacklisted.

Official Responses: A Post-Mortem of Failure

The official post-mortem released by Radiant Capital serves as a cautionary tale for the entire blockchain industry. In their statement, the team emphasized the unprecedented nature of the malware used in the attack.

"The devices were compromised in such a way that the front-end of Safe Wallet displayed legitimate transaction data while poisoned transactions were signed and executed in the background," the report stated. "This breach occurred during a routine multi-signature emissions adjustment process, which takes place periodically to adapt to market conditions and utilization rates."

This specific detail—that the front-end was "spoofed"—is particularly chilling for DeFi developers. It suggests that even the most secure hardware wallets (like Ledger or Trezor) can be bypassed if the interface the user is looking at is compromised. If the user cannot trust the data displayed on their screen, the "Trustless" nature of blockchain is fundamentally compromised.

Law enforcement agencies, including the FBI’s cyber division, reportedly tracked the funds as they moved through various decentralized exchanges (DEXs). However, the decentralized and permissionless nature of the Ethereum network meant that once the funds were moved into private wallets and mixers, there was little that authorities could do to stop the eventual liquidation in August 2025.

Implications: What Radiant’s Death Means for DeFi

The shutdown of Radiant Capital is more than just the failure of a single lending platform; it is a watershed moment for DeFi security and governance. Several critical implications emerge from this saga:

1. The Vulnerability of Multi-Sig Governance

For years, multi-signature wallets were touted as the ultimate defense against internal theft and external hacks. The logic was simple: if one key is compromised, the others remain safe. However, the Radiant hack demonstrated that a coordinated malware attack targeting multiple signers simultaneously—or targeting the shared interface they use—can render the multi-sig redundant.

2. The Rise of UI/UX Attacks

We are entering an era where "smart contract audits" are no longer enough. Radiant’s smart contracts were not the primary point of failure; the user interface (UI) was. This highlights a desperate need for "End-to-End" security that includes the browser environment, the developer’s operating system, and the physical hardware wallet’s display.

3. The "Slow Death" Phenomenon

Radiant’s attempt to survive for nearly a year post-hack shows the difficulty of "re-trusting" a protocol. In DeFi, liquidity is the lifeblood. Once the "Social Consensus" of safety is broken, the protocol enters a death spiral. Even if the code is patched, the capital rarely returns. This suggests that for most protocols, a major hack is a terminal event, regardless of the team’s subsequent efforts.

4. Regulatory Scrutiny

The success of the hacker in cashing out over $100 million (given the ETH price appreciation) will almost certainly draw increased scrutiny from global regulators. The inability of law enforcement to freeze assets on decentralized platforms remains a primary talking point for those advocating for stricter "kill-switch" regulations or mandatory KYC for all DeFi participants.

Conclusion

The story of Radiant Capital ends on a somber note. What began as a promising venture to unify liquidity across disparate blockchain networks ended as a textbook example of the vulnerabilities inherent in the digital asset space. As the RDNT token sits at $0.022 and the platform goes dark, the industry is left to reflect on a hard truth: in the world of decentralized finance, there are no second chances when the underlying trust is compromised.

For investors and developers alike, Radiant’s collapse is a stark reminder that while the rewards of DeFi are high, the risks—often hidden behind "legitimate" transaction screens—are even higher. The hacker walks away with a 93% profit, while the users and creators of Radiant Capital are left with nothing but a post-mortem report and the lessons of a $50 million disaster.