Radiant Capital to go out of business after $50 million North Korea-linked hack
Radiant Capital has announced plans to wind down operations after failing to recover from a $50 million embezzlement that gutted the lender and left it without enough funding to continue.
Summary
- Radiant Capital said it would cease operations after failing to recover from a $50 million embezzlement and secure new funding.
- The protocol will remain online in maintenance mode, allowing users to withdraw funds and manage positions while development work is completed.
- Investigations linked the 2024 attack to North Korean-linked terror actors, and recovery efforts were hampered after part of the stolen money was transported via Tornado Cash.
According to a statement published on Monday by the independent organization Radiant, the law could no longer point the way forward after unsuccessful attempts to recover stolen property, raise new funds, and maintain the necessary resources to operate responsibly.
In another update shared on X, The DAO said that donors and community members have continued to support the platform under increasingly challenging conditions. The organization said that without capital gains, new investments, or renewed growth, the protocol cannot remain stable.
The decision closes a difficult chapter for a project that was once ranked among the largest cross-chain lending platforms.
Launched in 2022, Radiant sought to integrate payments across multiple blockchains and grew rapidly in 2023. Data from the regulation shows that its total locked-in value reached $386.8 million in December 2023.
The fortunes changed dramatically after the October 2024 exploit of security researchers and the latest investigation linked to North Korean actors. After the breach, Radiant’s locked-up value dropped to $75 million and fell to about $5 million within weeks, according to protocol data.
Attempts to find failed to restore the protocol
While operations have been postponed, Radiant said the protocol will not end completely. Instead, it will go into what it has described as maintenance mode.
Under that arrangement, the frontend will remain online, smart contracts will remain accessible, and users will still be able to withdraw assets, repay loans, and manage existing positions. Development work, protocol development, and expansion efforts, however, will come to an end as DAO contributors move away from active operations.
Radiant also urged users to manage their exposure carefully while the process enters its final phase.
Rescue efforts that remain linked to the hacking will continue. The DAO said its maintenance portal will remain open and any assets found in the future will be returned to affected users.
Previous rescue efforts have produced limited results. In October 2025, blockchain security firm CertiK reported that wallets linked to an attacker deposited 2,834 ETH in Tornado Cash after moving funds through multiple addresses and exchanges involving DAI.
CertiK estimates that approximately $10.8 million worth of Ethereum had already been dumped in the mixer, complicating efforts to track down and recover the stolen assets.
The attack linked to North Korea was a turning point
Radiant said in December 2024 an attacker posing as a former contractor distributed malware through Telegram. According to the protocol, a malicious ZIP file circulates among developers for feedback, creating an entry point that eventually leads to an exploit.
A post-mortem investigation by internet security firm Mandiant later linked the incident to the hacker group AppleJeus, which it identified as part of North Korea’s cyber ecosystem.
According to Mandiant, the attackers gained control of three of Radiant’s eleven signature licenses and changed the loan pool implementation contract, allowing them to steal approximately $53 million from Arbitrum and the BNB Chain.
The tactics used in the attack later appeared in other major crypto incidents. In April 2026, Drift Protocol said it had moderate confidence that the same actors behind the Radiant breach were responsible for a different exploit against its platform. Drift’s investigation concluded that the group spent months building trust with donors through conferences and networking with experts before using malicious tools and links.
Market reaction to the announcement of Radiant’s closure remains negative. The protocol’s RDNT token fell 4.2% after the news.
