Radiant Capital Winds Down After 18 Months of Failed Recovery From $50 Million Lazarus Group Hack

Key Highlights

• Radiant Capital announced it is winding down after failing to recover any meaningful funds or raise fresh capital in the 18 months following a $50 million exploit by North Korea's Lazarus Group in October 2024.

• The protocol will enter a maintenance state with smart contracts and the frontend remaining live, so users can continue to withdraw funds, repay loans, and manage positions at any time.

• Lazarus Group gained entry through a malware-laced PDF sent to Radiant engineers, ultimately compromising multi-signature private keys and collapsing the protocol's TVL to roughly $5 million within a month of the breach.

Radiant Capital, a cross-chain DeFi lending protocol, has announced it is winding down after failing to recover from a $50 million hack carried out by North Korea's Lazarus Group in October 2024. The team stated it has been unable to recover a meaningful portion of stolen funds or attract new capital across the 18 months since the exploit, leaving the protocol without a viable path forward.

The attack was traced to a malware-laced PDF distributed to Radiant engineers, which gave attackers a foothold to compromise multi-signature private keys held by core contributors. With control over the multi-sig threshold, Lazarus Group drained approximately $50 million in user funds across multiple chains. Radiant brought in U.S. law enforcement and worked with investigators, but attribution to North Korean state actors did not result in any fund recovery.

The protocol's total value locked dropped to around $75 million in the days immediately after the breach and slid further to approximately $5 million within a month as users withdrew remaining assets. Multiple attempts to rebuild confidence and secure new investment followed but were unsuccessful, with the DAO ultimately concluding it could not sustain ongoing development.

Rather than a full shutdown, Radiant will transition into a maintenance state: the frontend and smart contracts remain accessible, and users can continue to withdraw deposits, repay outstanding loans, and manage positions. The DAO will cease contributing to development, upgrades, or new features. Radiant's wind-down marks one of the more prominent DeFi closures directly attributable to a state-sponsored cyberattack, underscoring the persistent threat North Korean hacking operations pose to the broader crypto ecosystem.