The protocol's DAO Council said the project "no longer has a viable path forward," citing a sustained inability to raise new capital or restore meaningful user deposits. The shutdown comes roughly 20 months after attackers compromised the devices of multiple Radiant contributors and manipulated the multisig signing process to drain funds across the Arbitrum and BNB Chain deployments.

Radiant's native token, RDNT, now trades at approximately $0.0015, down about 96% from its all-time high. Total value locked across the protocol sits at roughly $7.47 million, according to DefiLlama, compared to hundreds of millions at its peak.

Users still have time to act. Radiant will enter what the team calls a "maintenance state," meaning the smart contracts and website will remain accessible. Anyone with outstanding loans or collateral on the platform can still repay, withdraw, or manage their positions. Recovered hack funds, if any are clawed back, will be distributed to affected users.

---

How the Attack Worked

The October 2024 exploit did not involve a flaw in Radiant's smart contracts. Instead, it was a targeted social engineering campaign. On September 11, 2024, a Radiant developer received a Telegram message from someone impersonating a former contractor. The message contained a malicious ZIP file disguised as a PDF. Opening it installed malware called "InletDrift" on the developer's device.

That malware was designed specifically to deceive: it displayed legitimate-looking transaction data inside Safe (formerly Gnosis Safe), the multisig wallet interface Radiant used for governance, while silently routing approval to malicious transferOwnership() calls in the background. Because Ledger hardware wallets do not display Safe transaction contents in a readable format, the developers unknowingly signed the malicious instructions. At least three contributors' devices were compromised, crossing the multisig signing threshold, and attackers then executed transferFrom() calls to pull user funds out of the protocol.

In December 2024, cybersecurity firm Mandiant attributed the attack with high confidence to UNC4736, a threat cluster also known as AppleJeus or Citrine Sleet, and assessed as a sub-unit of North Korea's Lazarus Group. Lazarus has been linked to billions of dollars in DeFi thefts globally.

"DPRK cyberattacks have intensified due to limited access to the global economy due to international sanctions," said Anmol Jain, VP at AMLBot, commenting in December 2024 on the attack's attribution. That motivation connects directly to why DeFi has become a preferred vector: "Targeting DeFi platforms is a common tactic of nation-state actors, especially North Korean groups such as Lazarus Group," added Jeremiah O'Connor, CTO at Trugard.

The October hack was Radiant's second major incident in 2024. A January flash loan attack had already cost the protocol roughly 1,900 ETH, worth approximately $4.5 million at the time.

---

Recovery Efforts Fell Short

After the October exploit, Radiant attempted several remediation steps. The protocol established a Community Council governance structure and designated 15% of revenue to flow into user claim contracts annually. It also completed a V2 migration using LayerZero's Omnichain Fungible Token standard and drafted plans for a "Guardian Fund," a protocol-controlled reserve for future exploit reimbursements.

None of it was enough. The team said on June 1 that "effort alone is not enough without recovery, capital, or growth." The wind-down was reached without a formal governance vote; the DAO Council made the call based on the protocol's inability to attract capital over an extended period.

Exchange delistings accelerated the token's decline. OKX removed RDNT USD pairs in January 2025. Crypto.com followed in July 2025. Binance delisted the token from spot trading on April 1, 2026, triggering a double-digit price drop that day.

---

What This Means for Users in South Asia and Africa

Radiant's cross-chain design made it particularly relevant to users in markets like India, Bangladesh, Pakistan, Nigeria, Kenya, and South Africa, where people often hold assets on one blockchain but need liquidity tied to another. The protocol let users deposit on Arbitrum and borrow on BNB Chain, or vice versa, using a single interface. Both chains are widely used across South Asia and sub-Saharan Africa because of lower transaction fees compared to Ethereum mainnet.

The region's exposure to this loss is not marginal: APAC recorded a 69% year-over-year increase in on-chain crypto activity in the twelve months ending June 2025, making it the fastest-growing DeFi region globally.

For African users, Radiant's USDC yield product served as a dollar-denominated savings option in markets where local currencies face sustained inflation pressure. The shutdown eliminates one of the few cross-chain options in that category. The Binance delisting hit South Asian holders hardest, given Binance's role as a primary fiat gateway in India, Pakistan, and Bangladesh.

For Indian users specifically, the situation is compounded by a regulatory environment that remains in a gray zone as of mid-2026, meaning affected retail users have limited legal recourse for recovering funds lost in DeFi exploits on foreign protocols. In Africa, the North Korea attribution is likely to sharpen ongoing regulatory debates: regulators in Nigeria, Kenya, and South Africa have pointed to incidents like this as evidence that DeFi protocols lack adequate security controls, and the Lazarus Group connection gives those arguments additional weight.

Users in these regions with active positions should act now while the frontend remains live. Those who cannot interact directly with smart contracts should seek technical assistance before contracts become harder to access through official interfaces.

---

A Broader Pattern

Radiant's collapse is not an isolated event. April 2026 became the most active month for crypto exploits on record, with 28 to 30 separate incidents causing an estimated $635 to $651 million in losses. Two attacks alone, against Drift Protocol ($285 million) and KelpDAO ($293 million), accounted for nearly all of those losses, and both were attributed to North Korean actors.

North Korea-linked groups were responsible for approximately 76% of all crypto hack losses through April 2026. The U.S. Treasury cited the Radiant incident in April 2026 as a case study in expanding cybersecurity intelligence-sharing with crypto companies.

The lesson from Radiant's end is not that cross-chain lending is inherently broken. LayerZero, the messaging infrastructure underneath Radiant, is unaffected and continues to operate. The failure was at the human layer, and it points to a structural gap that hardware wallets and multisig setups alone cannot close: if a device is compromised before signing, no amount of hardware security stops the transaction. Closing that gap will require protocols to implement transaction simulation and blind-signing protections at the hardware level, a technical standard that would have made the malware's deception far harder to execute.