Overview
Radiant Capital launched as an omnichain lending protocol, allowing users to deposit collateral on one chain and borrow on another using LayerZero's cross-chain messaging infrastructure. The protocol deployed on Arbitrum, BNB Chain, and Ethereum, offering a cross-chain lending experience that aimed to eliminate the need for manual bridging. RDNT tokenomics used a "dLP" (dynamic liquidity provision) mechanism requiring users to provide RDNT liquidity to qualify for emissions — an attempt to align token incentives with protocol usage.
At its peak in 2023, Radiant attracted significant TVL and was considered a promising omnichain lending project. The RDNT token outperformed during the cross-chain narrative hype. However, 2024 proved catastrophic.
January 2024 (~$4.5M exploit): A flash loan attack exploited a rounding vulnerability in Radiant's markets, draining funds from pools on Arbitrum. The attack targeted a known vulnerability in Compound/Aave fork implementations related to empty market initialization.
October 2024 (~$50M+ exploit): The devastating blow. Sophisticated attackers compromised multiple Radiant multisig signers' devices using advanced malware, gaining enough signatures to execute malicious transactions. The attackers transferred ownership of Radiant's lending contracts and drained approximately $50 million across Arbitrum and BNB Chain. This was not a smart contract vulnerability — it was a complete operational security failure at the signer level.
The double exploit in a single year effectively destroyed Radiant's credibility. TVL collapsed, and the protocol's future viability is severely in question.
Smart Contracts
Aave V2 Fork
Radiant's core lending contracts are based on Aave V2, one of DeFi's most proven codebases. The base lending logic (supply, borrow, liquidation) inherits Aave's battle-tested design. Radiant's modifications focused on cross-chain functionality via LayerZero and the dLP tokenomics layer.
Cross-Chain Complexity
LayerZero integration adds significant complexity to the base lending protocol. Cross-chain messages for borrow/repay operations introduce latency, ordering dependencies, and new attack surfaces. The interaction between LayerZero messaging and lending state management is inherently more complex than single-chain lending.
January 2024 Vulnerability
The January exploit targeted a known rounding issue in Compound/Aave fork implementations — a vulnerability that was well-documented and had affected other protocols. That Radiant's deployment was vulnerable to a known attack vector raises serious questions about code review practices.
Security
Catastrophic Multisig Compromise (October 2024)
The October 2024 exploit was one of DeFi's most sophisticated attacks. Attackers deployed advanced malware (reportedly linked to North Korean state actors) to compromise the devices of multiple Radiant multisig signers. The malware intercepted and manipulated transaction signing, allowing attackers to execute malicious ownership transfers while signers believed they were approving routine transactions.
The attack exposed a fundamental weakness: Radiant's multisig (reportedly 3-of-11) was insufficient to prevent compromise when multiple signers' devices were simultaneously compromised. The threshold was too low, and the signers lacked hardware security measures sufficient to prevent device-level compromise.
Double Exploit in 2024
Two major exploits in a single calendar year — a $4.5M flash loan attack followed by a $50M+ multisig compromise — represents a complete security failure. The January exploit should have triggered comprehensive security overhaul; instead, the October exploit was even more devastating.
Industry Lessons
The Radiant exploit demonstrated that smart contract audits are insufficient without operational security. Even perfectly secure contracts are useless if the upgrade/ownership keys can be compromised. The attack has prompted the entire DeFi industry to reassess multisig practices, hardware signing requirements, and operational security protocols.
Risk Management
Multisig Configuration Failure
A 3-of-11 multisig threshold was inadequate for a protocol managing $50M+ in assets. Industry best practices suggest higher thresholds (e.g., 5-of-9 or higher) with geographically distributed signers using hardware wallets with air-gapped signing. Radiant's configuration created a low barrier for attack.
No Response to January Exploit
The January 2024 exploit should have triggered immediate, comprehensive security reforms — including multisig threshold increases, mandatory hardware wallet usage, operational security audits, and potentially migrating to more secure governance structures (timelocks, governor contracts). The October exploit's success suggests these reforms were either not implemented or were insufficient.
Cross-Chain Risk Amplification
Omnichain lending amplifies risk — a compromise on one chain can propagate to all chains. The October attack drained funds across multiple chains simultaneously, demonstrating how cross-chain design can multiply the impact of a single security failure.
Adoption
Post-Exploit Collapse
Radiant's TVL collapsed following the October 2024 exploit. Rational users withdrew remaining funds immediately. The protocol's omnichain vision, which was its key differentiator, became irrelevant once trust was destroyed.
Pre-Exploit Traction
Before the exploits, Radiant had achieved meaningful adoption with TVL exceeding $300M at peak. The dLP mechanism incentivized genuine liquidity provision, and the cross-chain lending use case attracted users who valued the convenience of omnichain borrowing. This history makes the security failure even more tragic.
Recovery Prospects
Radiant has attempted to continue operations with enhanced security measures. However, the precedent of two major exploits in one year creates an essentially insurmountable trust deficit. Any recovery would require demonstrating security improvements over an extended period with zero incidents — a tall order given the severity of the failures.
Tokenomics
RDNT Token
RDNT uses a dLP (dynamic liquidity provision) mechanism where users must provide RDNT/ETH liquidity (worth at least 5% of their deposited value) to qualify for RDNT emissions. This design incentivizes liquidity provision alongside lending, creating aligned incentives.
Post-Exploit Token Collapse
RDNT's price collapsed following the October 2024 exploit. The token's value is fundamentally tied to protocol usage and trust — both of which were destroyed. High FDV relative to current market cap suggests significant future dilution.
Emission Structure
RDNT emissions continue according to the programmed schedule, but with minimal protocol activity, emissions create pure sell pressure without corresponding fee revenue. The dLP requirement becomes academic when few users are willing to deposit in a twice-exploited protocol.
Risk Factors
- PROTOCOL WAS EXPLOITED TWICE IN 2024. $50M+ in total losses across two incidents.
- Multisig compromise: Sophisticated state-level attackers compromised signer devices — a class of attack that is extremely difficult to fully prevent.
- Trust destruction: Two exploits in one year has likely permanently damaged user confidence.
- Cross-chain risk amplification: Omnichain design means one compromise affects all chains.
- Known vulnerability exploitation: January exploit used a documented attack vector, suggesting poor security practices.
- RDNT token collapse: Token has lost most of its value with minimal recovery prospects.
- North Korean threat actors: Attribution to state-sponsored hackers suggests Radiant was specifically targeted by sophisticated adversaries.
Conclusion
Radiant Capital's story is one of DeFi's most devastating security failures. A promising omnichain lending protocol with genuine innovation (dLP tokenomics, LayerZero-powered cross-chain lending) was destroyed by two exploits in a single year. The October 2024 multisig compromise — attributed to North Korean state actors — demonstrated that even audited smart contracts are useless when operational security fails at the signer level.
The 2.2 overall score reflects catastrophic security failure (1) and poor risk management (2) that overwhelm whatever technical merit the protocol's design may have had. The January exploit's use of a known vulnerability is inexcusable. The October exploit's success despite industry awareness of multisig risks is even worse. Radiant should be studied as a case study in operational security failure and cross-chain risk amplification. Do not deposit funds.