A DeFi protocol that held $300 million in deposits 20 months ago is shutting down with $2 million left in the tank — and no one is getting their money back.
The Summary
- Radiant Capital is winding down its DAO operations after 18 months of failed recovery efforts following an October 2024 exploit that drained more than $50 million.
- The cross-chain lending protocol collapsed from $300M+ in total value locked to $2.21M, with Mandiant tracing the attack to North Korea.
- The protocol couldn't recover meaningful funds or raise new capital, leaving users with losses and the token delisted from major exchanges.
- The slow-motion collapse shows that for DeFi protocols, a nation-state hack isn't just a security event — it's a death sentence with an 18-month runway.
The Signal
Radiant Capital started October 2024 as a working cross-chain lending protocol with over $300 million in user deposits. Then North Korean hackers executed what Mandiant later attributed to the DPRK, draining more than $50 million in a single exploit. For most DeFi protocols, that would be the story. Hack happens, project dies, everyone moves on. But Radiant tried to survive.
Eighteen months later, the DAO announced an orderly wind-down after admitting the obvious: they couldn't recover meaningful funds or raise new capital. The protocol limped along for a year and a half, watching its TVL bleed from nine figures to seven, its token lose exchange listings, and its community evaporate. Now it sits at $2.21 million in total value locked and a market cap under $2 million.
"The slow end-state of an October 2024 exploit Mandiant traced to North Korea."
Here's what the post-mortems won't tell you: the hack didn't kill Radiant, the liquidity spiral did. Key details from the collapse:
- TVL dropped 99.3% from $300M+ to $2.21M over 20 months
- Major exchanges delisted the token, cutting off institutional access
- No white knight investor stepped in despite 18 months of runway
- North Korean attribution meant legal recovery was impossible from day one
When you lose $50 million to a nation-state actor, you're not getting it back through lawyers or blockchain forensics. Mandiant's attribution to the DPRK was the period at the end of the sentence. No negotiations, no recovered funds, no insurance payout that makes users whole. The DAO spent 18 months trying to prove otherwise, burning through what little capital remained while users watched their locked funds become exit liquidity for early escapees.
The reality check for DeFi: if your security model can't survive a determined nation-state attack, you're running a bank with cardboard walls. The cross-chain architecture that made Radiant attractive also made it vulnerable. One exploit, one bridge compromise, one social engineering attack on a multisig, and $50 million walks out the door to Pyongyang.
The Implication
The inability to raise new capital after a North Korean hack tells you everything about DeFi's maturity problem. VCs will fund protocols with anonymized teams and unaudited code, but they won't rescue one that survived a DPRK attack. The risk profile flips from "acceptable" to "radioactive" the moment nation-state attribution drops.
For protocols building cross-chain lending or any high-value DeFi primitive: North Korea is hunting you specifically. Not script kiddies, not opportunistic hackers. Professionals with state resources who will compromise your developers' machines, social engineer your multisig holders, and wait months for the right moment. If your security budget is a rounding error and your incident response plan is "we'll figure it out," you're pre-writing this same wind-down announcement. Radiant spent 18 months learning that lesson. You don't have to.