Does this exploit affect Arbitrum (ARB) or Ethereum (ETH) directly?

No direct protocol losses hit ARB or ETH, but Radiant's market pauses on both chains create negative TVL sentiment; ARB ecosystem positioning deserves tighter stops until DeFi flows stabilize.

Why is state-actor attribution (North Korea) relevant to traders vs. a typical hack?

State-sponsored hacks carry longer sentiment tails because they signal persistent, sophisticated threats across DeFi infrastructure — fund recovery is near-impossible, and the narrative suppresses DeFi re-entry appetite for weeks to months.

Will other DeFi lending tokens like AAVE see contagion selling?

Sympathy selling in DeFi lending names is common after major exploits as traders reprice multisig and operational security risk sector-wide; monitor funding rates on CoinUnited.io to gauge whether AAVE shorts are already overcrowded.

Is there any asset recovery scenario that could reverse RDNT's decline?

Potential recovery vectors include stablecoin issuer blacklisting of stolen addresses or on-chain asset freezes, but the research report indicates Radiant is winding down rather than rebuilding — making meaningful token recovery unlikely in the near term.

Quick Links

Radiant Capital Winds Down After $50M North Korea-Linked Hack: DeFi Lending Risk in Focus

Published: 2026-06-01 20:10:10 UTC

Tags:DeFi Structural Reset

Data Snapshot

Attribution

UNC4736 / Citrine Sleet (North Korea-linked)

Hack Amount

$51M–$58M (est.)

Chains Affected

Arbitrum, BSC, Base, Ethereum Mainnet

RDNT Price Reaction

-9% (initial disclosure)

Attack Execution Date

October 16, 2024

Social Engineering Date

September 11, 2024

Key Takeaways

•Radiant Capital lost $50M–$58M in an October 2024 exploit attributed to North Korea-linked UNC4736/Citrine Sleet, and is now winding down — this is a terminal outcome, not a patch-and-recover scenario.
•RDNT fell ~9% on initial disclosure; 100x leveraged long positions would face liquidation from a move of this magnitude, underscoring the need for strict position sizing on DeFi lending tokens.
•The attack vector was private key/multisig compromise via malware — not a smart-contract bug — raising sector-wide re-pricing of operational security risk across DeFi lending protocols including Aave and competitors.
•Arbitrum and Ethereum ecosystem assets face marginal negative sentiment pressure due to Radiant's market pauses on those chains, though direct protocol losses are Radiant-specific.
•Within crypto, BTC historically attracts mild safe-haven rotation during DeFi exploit events as capital exits DeFi tokens — watch BTC dominance as a confirmation signal.

The chart illustrates the recent performance of Bitcoin (BTC) in the context of a significant DeFi lending risk event, specifically the $50 million hack linked to North Korea. Bitcoin opened at $73,526.00 and closed at $71,504.00, marking a decline of 2.75% over the last 24 hours. The highest price reached during this period was $74,179.00, while the lowest was $70,652.00, reflecting notable volatility. In comparison, Ethereum (ETH) experienced a slight increase of 0.12%, while Arbitrum (ARB) showed a more substantial gain of 1.78%. This data indicates that Bitcoin is currently the laggard among the three assets, with its price declining amidst broader market movements. — Bitcoin's price fell 2.75% to $71,504 amidst DeFi lending risks, while Arbitrum gained 1.78%.

Radiant Capital, a decentralized cross-chain lending protocol, is winding down operations after losing over $50 million in an October 2024 exploit, according to reporting by Unchained Crypto, BeInCryp

Event Summary

Radiant Capital, a decentralized cross-chain lending protocol, is winding down operations after losing over $50 million in an October 2024 exploit, according to reporting by Unchained Crypto, BeInCrypto, and The Record. Security firm Mandiant, working alongside US law enforcement, attributed the attack to UNC4736 (Citrine Sleet), a North Korea-linked threat actor. As reported by SecurityWeek, the intrusion began with a social-engineering step on September 11, 2024, culminating in execution on October 16 via compromised developer devices that signed fraudulent multisig transactions. Loss estimates range from $51M to $58M depending on methodology. Radiant paused lending markets on Arbitrum, Binance Smart Chain, Base, and Ethereum mainnet — and has since been unable to recover.

Leverage Impact Analysis

For leveraged traders on CoinUnited.io, the primary direct vehicle is RDNT, which fell approximately 9% on initial hack disclosure, per Unchained Crypto. With up to 2000x leverage available on crypto perpetuals, position sizing discipline is critical here.

Example: A trader holding a 100x long RDNT perpetual at a pre-news price would see margin eroded by roughly 9x the move — a 9% adverse price move translates to ~900% of margin consumed, triggering liquidation well before any recovery.

The broader leverage risk is contagion-driven volatility in DeFi lending tokens. Protocols like Aave (AAVE) historically see sympathy selling after major lending exploits as traders re-price multisig and smart-contract risk sector-wide. Leveraged long positions in DeFi lending names face elevated liquidation risk during these sentiment resets. Monitor funding rates on CoinUnited.io — negative funding (shorts paying longs) would signal the market has already absorbed the bearish narrative; persistently positive funding on DeFi names suggests more unwinding ahead.

This attack pattern — private key compromise via malware rather than a smart-contract code flaw — also fits the broader crypto state-sponsored hacks theme. State-actor attribution events tend to have longer sentiment tails than typical exploits because they imply ongoing threat exposure across DeFi infrastructure.

Cross-Market Impact

This event is primarily crypto-specific with no meaningful macro spillover to forex or commodities. However, within crypto markets, the cross-chain footprint of the attack matters:

-Arbitrum (ARB): One of the directly affected chains. TVL outflows from paused Radiant markets on Arbitrum create marginal bearish pressure on ARB ecosystem sentiment, though ARB itself is not a direct loss vehicle.
-Ethereum (ETH): Base and Ethereum mainnet markets were also paused. ETH faces minimal direct impact but repeated high-profile DeFi exploits historically weigh on the "productive DeFi ecosystem" narrative.
-DeFi lending sector: The DeFi structural reset theme is reinforced — expect institutional allocators to reprice operational security risk across lending protocols. Per the research report, this can indirectly benefit security-focused custody and audit vendors.
-Bitcoin (BTC): Bitcoin typically sees mild safe-haven inflows within crypto during DeFi exploit events as capital rotates from DeFi tokens toward perceived lower-risk assets.

Trading Considerations

Key risk factors to monitor: whether any asset recovery is achieved via on-chain freezing (Tether/Circle blacklisting of stolen funds), and whether the winding-down announcement triggers a second leg lower in RDNT beyond the initial 9% drop. The persistence score on this event is elevated (0.78) — the protocol's inability to recover suggests this is not a "hack + patch + bounce" scenario but a terminal wind-down.

For DeFi lending names broadly, watch open interest on CoinUnited.io for confirmation that deleveraging has run its course before initiating long exposure. The DeFi Protocol Exploits guide outlines how bad debt resolution typically plays out — resolution timelines of 6–18 months are common, limiting near-term token recovery catalysts.

Start Trading on CoinUnited.io

Create Your Free Account → — Trade crypto, stocks, forex, indices, and commodities with up to 2000x leverage and zero fees.

Frequently Asked Questions

At 100x leverage, a 9% adverse move consumes 900% of margin, triggering liquidation long before any potential recovery. Traders should size RDNT positions to withstand at least 20–30% drawdown given the terminal wind-down risk.