Radiant Capital’s devastating exploit by the Lazarus Group wiped out user confidence and liquidity. Here’s how the protocol is responding and what it means for RDNT holders and DeFi security.
Radiant Capital and the Lazarus Group: A DeFi Wake-Up Call
How Radiant Capital Went From Rapid Growth to Crisis
So let’s be clear from the beginning: what went down at Radiant Capital isn’t just another DeFi hack. It’s a case study in how fast things can go south when a state-backed threat actor decides to target a lending protocol and how hard it is to recover once the trust breaks down.
Founded in 2022, Radiant Capital has a simple value prop: make cross-chain lending and borrowing easier. No bells and whistles, just clean UX and competitive rates. And for a time it worked. Really well. The platform continued to get adoption through 2023, attracting everyone from solo yield farmers to more institutional types. “Strategic partnerships helped, sure, but the real driver was user trust. By December of that year, the total value locked in Radiant had climbed to $386.8 million. That’s some serious traction by any measure, particularly in a market where users have become justifiably paranoid after a string of failures elsewhere.
But that’s the thing with DeFi: growth can hide underlying fragilities. Radiant’s fragility was exposed in the worst possible way.
Enter the Lazarus Group. October 2023. North Korea’s cyber elite of finance. They are not the typical script kiddies or opportunistic attackers; they are patient, well-funded, and ruthlessly effective. Radiant wasn’t just hacked. It was methodically dismantled. The group exploited vulnerabilities in the infrastructure of the protocol and, in a short time, the damage was catastrophic. At the time of the breach, Radiant had locked assets of around $75 million. In less than a month, that number dropped to $5 million. 93% crash. Investors panicked. Liquidity vanished. And the team was caught between a rock and a hard place.
Let’s sit with that number for a second: $75M to $5M. This is not a market correction. This is not a slow bleed. That’s a kill shot.
Related: Paxos Makes History as SEC Approves First Blockchain Clearing Agency
The Aftermath and Maintenance Mode
The immediate aftermath was savage. The most precious asset of Radiant, the confidence of the users, collapsed. And when confidence runs in crypto, everything else does too. The management team had little choice but to start winding up operations. It wasn’t that they wanted to, it was just that the economics of continuing didn’t make sense anymore, with the losses and the shattered trust.
But what Radiant did next instead of just pulling the plug entirely is the interesting thing, and I’d say the necessary thing. They placed the platform in “maintenance state.” Let me tell you what that really is because it is not a euphemism for closing down.
The frontend and smart contracts are still there in maintenance mode. Existing functionality is still usable, and users can still log in and check positions. But active development of new features? Cold. Absolutely. The team shifted focus from growth to security stabilization and forensic investigation. That is the right call. When you get hit by a state actor you don’t keep shipping features. You grab what’s left, figure out how they got in, and make sure they can’t come back.
But this is the uncomfortable truth that is not said enough, during this phase users have more responsibility than usual. Radiant can and should maintain infrastructure integrity. But security of individual accounts, phishing awareness, and basic opsec hygiene is on the user. Two-factor authentication, hardware wallets, review of contract approvals none of this is optional anymore, especially after a breach of this magnitude.
RDNT’s Future and the Challenge of Rebuilding Trust
So what does that leave the RDNT token as? It was hit, as expected. A bad one. But crypto history suggests token recoveries post-exploit have more to do with how the team handles the aftermath transparently than technical fixes. Radiant has created a remediation portal dedicated to users reporting and tracking lost assets. That’s a start. It’s not a silver bullet and it probably never will be, given the nature of state-sponsored attacks but it’s a step toward accountability.
The real test will be if Radiant can build back enough trust over time for RDNT to be worth holding again. Not by promising impossible returns but by showing over time that the protocol is now hardened against the kind of intrusion that took it down. That means publishing a post-mortem, multi-party security reviews, and maybe even moving to a more decentralized risk management structure.
The Lazarus Group is not going anywhere soon. They hack so many platforms and they’ll keep developing. Radiant’s best course of action is not to pretend the hack never happened, but to demonstrate that the lessons learned have changed the way the protocol works. RDNT only recovers meaningful value that way: not through hype, but through earned credibility.
Related: Stablr Hack Exposes DeFi’s Biggest Security Failure Yet
Final Thoughts
If you are a current or former Radiant user, my advice is: use the remediation portal, check all outstanding contract approvals and do not rely on the platform alone for your security. And for those on the sidelines, take this as a reminder that in DeFi, state-level threats have entered the risk model. Get ready for it.
