How Does Radiant Capital Work?
A cross-chain lending platform where you can deposit on one blockchain and borrow on another. It holds just $5M in deposits after losing $53M to North Korean hackers in October 2024. Its F grade reflects two major exploits in a single year and a 98% collapse in deposits from $400M.
TVL
$2M
Sector
Lending
Risk Grade
D+
Value Grade
F
Core Mechanisms
Lending/Cross-Chain
Omnichain lending via LayerZero enabling borrow/lend across Arbitrum, BNB Chain, and Ethereum
Cross-chain money market using LayerZero for message passing. Users can deposit on one chain and borrow on another. Adds bridge dependency to lending risk.
Lending/Pool-Based
Aave V2 fork with unified lending pools per chain
Standard Aave V2-derived lending architecture deployed on multiple chains. Well-understood base protocol but cross-chain extensions add complexity.
Token/Dynamic-Liquidity
dLP (dynamic liquidity provisioning) requiring RDNT/ETH LP tokens for emission eligibility
Users must lock RDNT/ETH LP tokens (at least 5% of deposit value) to earn RDNT emissions. Creates token price dependency for yield participants.
Governance/Multisig
3-of-11 multisig controlling Pool Provider contract and protocol upgrades
Low threshold multisig proved catastrophically vulnerable. North Korean hackers compromised 3 signers using custom INLETDRIFT macOS malware for man-in-the-middle attacks.
Bridge/LayerZero
LayerZero message passing for cross-chain lending state synchronization
Relies on LayerZero infrastructure for cross-chain message delivery. Bridge liveness and message ordering are critical dependencies for cross-chain positions.
Liquidation/Fixed-Spread
Standard Aave-style liquidation with fixed incentive and close factor
Standard liquidation mechanism inherited from Aave V2 fork. Cross-chain liquidations add latency and coordination challenges.
How the Pieces Interact
Compromised multisig signers directly controlled the Pool Provider contract, allowing attackers to deploy malicious contract implementations and drain all lending pools across multiple chains.
Cross-chain positions synchronized through LayerZero mean a compromise on one chain propagates to all chains simultaneously, as demonstrated in the October 2024 attack draining both Arbitrum and BNB Chain.
Flash loan attack in January 2024 exploited rounding logic in newly launched USDC market, demonstrating insufficient invariant checks in pool deployment process.
Post-exploit RDNT price collapse makes dLP lock requirements economically irrational, creating a death spiral where no users lock dLP, eliminating emissions, further reducing TVL.
Cross-chain liquidation depends on timely LayerZero message delivery; bridge delays during volatile markets could prevent liquidations, creating bad debt.
What Could Go Wrong
- Two major exploits in 2024: $4.5M flash loan attack (January) and $53M multisig compromise by North Korean hackers (October)
- 3-of-11 multisig wallet governance was trivially compromised via INLETDRIFT malware targeting hardware wallet signing
- TVL collapsed 98% from $400M to under $5M following exploits; protocol viability is severely in question
Multisig Re-Compromise via Supply Chain Attack
ElevatedTrigger: Attackers compromise signer devices again through malware, social engineering, or supply chain attack on hardware wallet firmware
- 1.Attacker compromises 3+ of 11 multisig signers via targeted malware — Attacker gains control of Pool Provider contract upgrade authority
- 2.Malicious contract implementation deployed across all chains — Attacker can drain any assets in lending pools on Arbitrum, BNB Chain, and Ethereum simultaneously
- 3.All remaining TVL ($5M) drained within minutes — Protocol becomes insolvent with zero ability to compensate depositors
- 4.RDNT token crashes to near-zero on remaining exchanges — Protocol permanently shut down; no recovery path feasible
Risk Profile at a Glance
Overall: D+ (61/100)
Lower score = safer