Radiant Capital, the cross-chain lending protocol that lost $50 million in an October 2024 attack later attributed by Mandiant to a North Korean state hacking group, has bled out to an operational husk.

The protocol holds $2.21 million in total value locked across Arbitrum, Ethereum, Base, and BNB Chain as of June 1, 2026, with its RDNT token trading around $0.0015 and a market capitalization of $1.96 million — ranking #2356.

The deterioration crossed a fresh threshold today: Binance, which announced the delisting of RDNT on March 18 and halted spot trading on April 1, ended withdrawal support for the token on June 1. Residual balances will be converted to stablecoins on users’ behalf. The Binance exit follows OKX’s January 2025 delisting and Crypto.com’s removal in July 2025, eliminating Radiant’s last major centralized-exchange venue.

Radiant has not posted a formal wind-down notice on its X account or its governance forum, where the most recent topic is an April 25 proposal on phased remediation for depositors classed as “Convenience” claimants.

A February 2026 roadmap post committed to a dual-architecture rebuild — core blue-chip lending on upgraded Aave contracts, isolated markets on Morpho — and to retiring the legacy RIZv1 product hit hardest by the 2024 attack. Whether the rebuild proceeds against a $1.96M market cap and $288,000 of daily volume is the question the on-chain numbers now answer.

The Exploit That Started the Drain

On October 16, 2024, attackers seized control of Radiant’s Pool Provider contract by compromising hardware-wallet signers via INLETDRIFT, a macOS backdoor delivered five weeks earlier through a Telegram message from someone impersonating a former Radiant contractor.

The payload defeated Tenderly simulation, Gnosis Safe UI verification, and standard hardware-wallet checks — displaying legitimate transaction data while malicious signatures executed in the background. A 3-of-11 multisig configuration meant the attacker needed only three compromised devices.

In a December 6, 2024 incident update, Radiant published Mandiant’s attribution: the attack was the work of UNC4736, also tracked as AppleJeus or Citrine Sleet, a group Mandiant assesses with high confidence operates with a DPRK nexus and is “aligned with DPRK’s Reconnaissance General Bureau (RGB).” The RGB houses the Lazarus Group umbrella that accounts for the bulk of North Korean state-backed crypto theft.

The Long Tail of a Failed Recovery

The Radiant DAO has spent the 20 months since the exploit cycling through depositor-recapitalization frameworks — a fractional-reserve structure in RFP-47, a merged-claim-contract approach, a Radiant Guardian Fund proposal, and most recently the phased remediation for Convenience Class claimants — without delivering full reimbursement. First payouts originally targeted for Q3 or Q4 of 2025 slipped, and the protocol’s working capital eroded alongside its TVL.

The October 2024 breach was Radiant’s second exploit that year. A January 2024 flash-loan attack drained roughly $4.5 million from Arbitrum markets before the DPRK-attributed October breach took the rest. A subsequent reconfiguration to a 4-of-7 multisig closed the signing gap but not the user-trust gap.

What’s Left to Wind Down

Radiant’s remaining $2.21 million in TVL sits in fractions of a percent across four chains — $939,000 on Arbitrum, $468,000 on Ethereum, $458,000 on Base, $343,000 on BNB Chain.

The governance forum is still active and a Community Council election ran in March, but the protocol no longer has the runway, the exchange access, or the depositor base to defend a position in cross-chain lending against Aave, Morpho, or Compound. The Mandiant-attributed exploit did not formally end Radiant — but the 20-month tail of failed remediation, exchange exits, and an erased market cap has done the work a press release would have done in a single afternoon.