Radiant Capital — once one of the largest cross‑chain lending platforms — announced it will wind down operations after failing to recover from a devastating hack that siphoned roughly $50 million and left the protocol financially unsustainable. Why Radiant is closing - The protocol’s decentralized autonomous organization (DAO) said attempts to recover stolen funds, attract new capital, and maintain operational resources all fell short. With no viable path to renewed growth, contributors determined the project cannot continue. - The DAO thanked contributors and the community for sustained support under increasingly difficult conditions and urged users to manage exposure carefully as the protocol enters its final phase. A rapid rise, then a swift collapse - Launched in 2022, Radiant aimed to unify liquidity across multiple chains and peaked in late 2023. The protocol’s total value locked (TVL) reached $386.8 million in December 2023. - After an October 2024 exploit tied by investigators to North Korean threat actors, TVL plunged to roughly $75 million and then to about $5 million within weeks, per Radiant’s own data. What will remain operational - Radiant is transitioning into a “maintenance state.” The frontend will stay online, smart contracts will remain accessible, and users can withdraw assets, repay loans, and manage existing positions. - Development, upgrades, and expansion will stop as DAO contributors step away from active operations. Ongoing recovery efforts - The DAO says its remediation portal will remain open and that any future recoveries will be returned to affected users. However, previous recovery work has produced limited results. - In October 2025, security firm CertiK reported attacker‑linked wallets moved 2,834 ETH into Tornado Cash after mixing funds, estimating about $10.8 million of Ethereum already laundered—complicating trace-and-recover efforts. How the attack happened - Radiant said in December 2024 that the breach began when an attacker posing as a former contractor circulated a malicious ZIP file to developers over Telegram, creating an entry point. - Cybersecurity firm Mandiant’s post‑mortem linked the incident to the AppleJeus group, part of North Korea’s cyber operations. Mandiant found attackers had gained control of three of Radiant’s 11 multisig signer permissions and replaced the lending pool’s implementation contract, allowing them to steal roughly $53 million from Radiant’s Arbitrum and BNB Chain deployments. Broader implications - The attack’s tradecraft later appeared in other incidents: in April 2026, Drift Protocol reported medium‑high confidence the same actors were behind an exploit on its platform, alleging the group spent months building trust with contributors before deploying malicious tools and links. Market reaction - RDNT, Radiant’s governance token, fell about 4.2% following the closure announcement. The winding down marks the end of a difficult chapter for a high‑profile cross‑chain lender and underscores ongoing risks around social engineering, supply‑chain malware, and state‑linked threat actors targeting crypto infrastructure. Radiant’s remediation portal and any future asset recoveries remain the only lingering hope for affected users. Read more AI-generated news on: undefined/news