Radiant Capital will wind down DAO operations after an 18-month recovery effort failed to restore the DeFi lender’s financial footing following its October 2024 exploit. The protocol is not disappearing immediately, but active development is ending and the project is moving into a maintenance-only phase focused on withdrawals, position management and recovery infrastructure.
The decision reflects three failures that Radiant said it could no longer absorb: no meaningful recovery of stolen funds, no new external investment and no grants large enough to rebuild an operating runway. That combination left the DAO without a responsible path forward, even after contributors narrowed the project’s mandate around security, remediation and user support.
A Sophisticated Exploit Became an Existential Shock
Radiant’s October 16, 2024 breach resulted in an estimated loss of roughly $50 million. The protocol’s post-mortem said attackers compromised multiple developer devices, used those devices to obtain malicious multisig approvals and drained funds from core markets on Arbitrum and BNB Chain. The private-key layer was not the only risk point; signer workflow and transaction verification became the attack surface.
— Radiant Capital (@RDNTCapital) June 1, 2026
A later Radiant update said the attackers used a Telegram message impersonating a trusted former contractor to deliver a ZIP file containing INLETDRIFT malware. The file displayed a legitimate-looking PDF while establishing a macOS backdoor, allowing malicious transactions to be signed in the background while normal checks appeared clean. The attack bypassed the kind of manual review many DeFi teams still treat as sufficient.
Mandiant attributed the incident to UNC4736, also known as AppleJeus or Citrine Sleet, and assessed with high confidence that the actor had a DPRK nexus. That attribution turned Radiant’s failure into a broader warning about state-linked operational attacks against DeFi infrastructure, not only smart-contract code risk.
Maintenance Mode Leaves Users in Control, but Not Protected by Growth
Radiant said the frontend will remain live through the end of the year, while deployed smart contracts remain accessible on-chain. Users can still withdraw funds, repay loans, manage or close lending positions, vest or withdraw rewards and unlock or withdraw DLP. The platform is preserving exit access rather than pursuing revival.
Immediate changes are significant. Active development has stopped, borrowing is disabled across Core and RIZv1 markets, RDNT emissions are being discontinued and treasury use is restricted to essential operations. No new initiatives, expansions or feature development will be pursued, leaving the protocol in a reduced-support state.
The remediation process will continue, but without certainty. Radiant said its remediation portal will remain live indefinitely, recovered funds are intended for affected users and distribution mechanisms will remain available through claim contracts or Merkl. Recovery remains possible in structure, but uncertain in outcome.
The market damage had already been severe. Radiant’s total value locked reached about $386.8 million in December 2023, fell to roughly $75 million after the exploit and dropped to about $5 million within weeks. Once liquidity and trust left, the protocol could not rebuild enough activity to sustain itself.
For treasurers, counterparties and institutional users, the lesson is operational rather than theoretical. Cross-chain lending systems depend on multisig governance, signer security, upgrade controls, liquidity incentives and recovery capital. When one layer fails and no backstop exists, protocol risk can become terminal.
Radiant’s wind-down is therefore a case study in post-exploit limits. Technical contracts may remain accessible, but a lending market needs confidence, liquidity, governance capacity and capital to function. The next generation of DeFi lenders will be judged not only by yield, but by how credibly they can prevent, contain and recover from failure.
