📢 Radiant Security Update: U.S. Government and Allies Attribute October Incident to DPRK
On January 14th, an official communication from the U.S. government was published, in which the U.S. Department of State, alongside Japan and the Republic of Korea, provided an important update on the recent cyberattack affecting Radiant, attributing the attack to the Democratic People’s Republic of Korea (DPRK).
This attribution aligns with the details outlined in the post-mortem and incident update previously shared by Radiant, where the specifics of the attack and its methods were disclosed. It further validates the analysis conducted with the assistance of Mandiant, focusing on on-device forensics, as well as ZeroShadow and Hypernative for on-chain asset tracking, and SEAL 911 for additional support. These efforts directly address concerns raised by some in the community regarding the potential involvement of an insider.
According to the official press release, Radiant was targeted by a rogue nation-state employing its threat actors in a highly coordinated attack against the protocol. The U.S. Department of State would not disclose such information without confidence in its accuracy, relying on evidence provided by its various law enforcement agencies.
Additionally, the statement highlights the ongoing collaborative efforts between the U.S., Japan, the Republic of Korea, and the private sector to track and recover the stolen funds. This reflects a united global effort to counter these malicious activities.
Radiant remains committed to maintaining transparency and security, and this official attribution strengthens ongoing efforts to ensure the safety of the platform.
The full statement from the U.S. Department of State can be read here: https://t.co/BuyqMp7tZS
Radiant will continue to monitor the situation closely and provide updates as new information becomes available.
Core Markets Restored: ETH, USDC, and WBTC on Arbitrum
The restoration of Radiant’s @arbitrum and @BNBCHAIN core markets has officially begun. Following the redeployment of the lending pool due to the October incident, ETH, USDC, and WBTC markets are now live again on Arbitrum. BNB Chain redeployment can be expected before the end of January as well.
As the incident did not involve any smart contract vulnerabilities, the protocol’s structure remains unchanged. However, given this is a completely fresh deployment, users are encouraged to report any issues or share feedback through Radiant’s official channels or support system.
• Arbitrum Core Markets: The initial batch of core markets will include ETH, USDC, and WBTC. These markets are currently undergoing the final round of testing and are expected to go live very soon. A soft launch is planned to allow users to start interacting with the markets again, test features, and share feedback during an initial trial period. Once this phase is complete and feedback is incorporated, focus will shift to reactivating BNB markets.
• RIZ Vaults: Following the launch of the first batch of core markets, a fix will be implemented to restore vault functionality. This adjustment is necessary because the vaults interact with both RIZ and CORE markets. The goal is to have this fix deployed within the same week or shortly thereafter.
• 1-Click Strategy: This new feature for RIZ markets was nearly ready for launch before the incident in October. Work to finalize this feature has resumed, and it is expected to be ready within the coming weeks.
DAO and RFPs
• RFP Idea 47: RFP Idea 47 outlines a proposal for the orderly repayment of depositors in Arbitrum and BSC core lending markets. This will be achieved by deploying claim contracts, merging assets, and liquidating all outstanding loans. The proposal focuses on the distribution of funds, not on how they will be raised.
The remediation plan has entered what is expected to be the final 7-day ideation phase. Everyone is encouraged to review the details of the proposal and share feedback during this stage to help refine it further before it proceeds to a DAO vote.
With progress being made toward restoring full functionality, the weekly airdrops from the 125M RDNT distribution outlined in RFP-44 have now resumed. From now on, new weekly campaigns will be available each Friday.
Users can claim their RDNT tokens and start vesting directly from the Manage page.
Please note:
• The 'Start Vesting' button applies to both the airdropped tokens and any accrued RDNT from emissions.
• To start vesting tokens, users need to be eligible for emissions. This means dLP must be locked and deposits must be active. If no deposits are currently in place, making a small deposit (worth $5 or less) should be enough to kickstart emissions.
Here’s an overview of key activities and proposals following the October 2024 exploit that impacted Radiant’s core market deposits on Arbitrum and BNB Chain.
Recovery efforts and compensation plans remain in progress. This thread serves as a centralized resource for users to stay updated on the latest developments and proposals.
Radiant is deeply grateful for the unwavering support and trust shown by the community during the most challenging of times.
As the new year begins, this moment is embraced as an opportunity to rebuild, grow, and look toward the future with renewed strength, resilience, and a shared commitment to overcoming obstacles, with the community leading the way.
1️⃣ Lost funds recovery and soliciting bailout funds: Efforts are ongoing, but no significant progress or positive updates have been achieved yet.
2️⃣ Remediation plans: A consolidated community proposal is set to make a second journey to a DAO vote. Following a council review and reconciliation phase, a smoother process is anticipated. Community members are encouraged to participate in a survey to determine which of the three recommended options should be implemented:
🔗 https://t.co/voe77X94lu
The current focus is on lost deposits and recapitalizing the protocol to establish a viable foundation, allowing modest reimbursements as a starting point for a long-term recovery. Efforts to recover lost funds or secure bailout resources would further enhance this process. A comprehensive plan for recapitalization, revitalization, and remediation could potentially attract partnerships, new capital, and bailout funds.
A separate proposal addressing unlimited approval losses is expected to be drafted in Q1. This remains a complex and sensitive matter to navigate.
3️⃣ Council election: Another proposal is in the community collaboration stage and will soon begin the governance process to elect a new community council, replacing the inaugural one as outlined in the DAO by-laws. This council election is scheduled to occur annually thereafter.
Radiant Capital Community Report 2 - Economic Ideas has been posted in the feedback section of the forum.
It is a comprehensive proposal to ensure Radiant’s stability, recovery, and long-term growth.
This plan introduces a thoughtfully and strategically designed 10% RDNT mint to restore liquidity, compensate hack victims, and reignite the protocol’s growth flywheel - with only 16.6% (1.6% total supply) sell pressure over 1-2 years for OpEx.
With transparency and sustainability at its core, the proposal prioritizes stability for the protocol, innovative financial mechanisms for recovery, and robust strategies to drive TVL growth.
This is a pivotal moment for Radiant, and your voice matters. Help the DAO refine this logical and strategic path forward. Together, Radiant’s future can be secured! 🌟
Feedback 101: Deploying Merged Claim Contracts for Radiant Depositor Reimbursement is up on the forum.
This proposed remediation plan represents a complete rewrite of Novin's feedback 47a and RFP Idea 47a after collaboration with the council. This version introduces enough new ideas that warrant another full collaboration cycle with the community as feedback for a few more weeks over this holiday period to afford ample time for the community to inform the DAO on which of the proposed options should be implemented.
Note: This proposal focuses only on remediation of the core market losses. A separate follow-on proposal will address the unlimited approval losses.
📢 Draft RFP: Emergency Election for the Radiant Capital Community Council
This draft proposal advocates for an emergency Community Council Election to restore trust, rebuild Radiant Capital, and secure its long-term future following the devastating 2024 hacks.
The initiative focuses on:
• Establishing a decentralized governance structure
• Rebuilding the protocol with security-first principles
• Implementing a community-led roadmap
⚠️ Note: This is not yet an official RFP in the governance process. It is being shared to gather community support and feedback for further improvement before formal submission.
After seeing concerns from some community members about @chaos_labs' Risk Oracles being involved in the October incident, Radiant Capital wants to address and clarify these misunderstandings.
The Risk Oracles were not involved in the attack in any way. The confusion may stem from the transaction linked to the incident, which, as outlined in the post-mortem report, was part of a routine action.
The devices were compromised in a way that caused Safe wallet to display legitimate transaction data, while malicious transactions were signed and executed in the background. The transaction in question, related to adjusting deposit and borrow caps based on Chaos Labs' recommendations, had no connection to the exploit's vector. This transaction was simply the one in the queue at the time, but it could have been any other routine transaction.
Chaos Labs remains a vital partner in risk management, and Radiant Capital wants to reassure the community that their Risk Oracles were not part of the exploit. Risk oracles are a great innovation and empower Radiant with real-time risk management. Radiant deeply values the ongoing support from Chaos Labs and looks forward to continuing the collaboration on risk assessment and management.
For further details about the incident, check out the latest updates on Radiant's Medium site:
Radiant Capital is resuming monthly sessions to share updates and provide a space for questions and feedback directly from the community.
🎧https://t.co/zUk3A2UtOL
This month’s topics:
• Dev updates: RIZ, emissions, and steps to restart Arbitrum & BNB Core Markets.
• Remediation plans and community proposals.
• Updates on the exploit and the related Medium article.
• New features and assets to support TVL growth.
📥 Submit your questions in advance through Radiant's Discord server.
RDNT emissions have now resumed for RIZ markets on @arbitrum and @BNBCHAIN! 🎉
Following the recent reactivation of RDNT emissions on Base, eligible lenders and borrowers are once again earning RDNT emissions in RIZ markets on Arbitrum and BNB.
As the protocol moves closer to full functionality, the next milestone will be the redeployment of Core markets on these two chains.
Stay tuned for updates through Radiant’s official channels.
A detailed update on the October 16 incident is now available, with Mandiant’s ongoing investigation attributing the attack with high confidence to a Democratic People’s Republic of Korea (DPRK)-linked threat actor.
The report sheds light on the attacker’s advanced tactics and underscores the urgent need for stronger transaction verification practices across the industry.
RDNT emissions have officially resumed on @base! 🎉
Eligible lenders and borrowers on RIZ and Core markets are now earning RDNT emissions once more.
As the protocol approaches full functionality, the next major milestone will focus on redeploying Core markets on the affected chains — Arbitrum and BNB.
The investigation remains ongoing, and the DAO is working diligently on a compensation plan proposal.
Stay tuned for more updates through Radiant’s official channels.
Radiant Capital expresses its deepest gratitude to the remarkable projects that have stood by us during this challenging time.
Special thanks to @chainlink, @AngleProtocol, @chaos_labs, and @immunefi for their unwavering support and collaboration. Your contributions have been essential in helping Radiant navigate this period and focus on building for the future.
The crypto community’s empathy and collaborative spirit are truly inspiring, and Radiant is grateful to have such committed allies on this journey.
Thank you for the continued support—together, the future is brighter.
RIZ markets on BNB and ARB are now UNPAUSED + 24-hour Grace Period to avoid liquidation!
After completing the necessary fixes, which have also undergone an external review, the RIZ markets are now back online on both chains.
The 24-hour grace period has now started, meaning that the liquidation threshold is set at 95% for this window. Users who are currently eligible for liquidation can adjust their positions by either repaying or adding collateral during this period.
Before interacting with the Radiant UI, ensure that any outstanding approvals to the affected contracts have been revoked:
• ARB: 0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1
• BNB: 0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281
Please make sure to take action within the next 24 hours, as after that, the threshold will revert to its default pre-unpause value.
Radiant is working diligently to restore the protocol to full functionality as soon as possible while the investigation and recovery efforts continue.
Keep an eye out for more updates through Radiant's official channels.
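One way to check whether a wallet still holds an approval to the affected contracts named in the announcement above, shown as an added example that is not Radiant's own code: it builds the standard ERC-20 `allowance(owner, spender)` query as a JSON-RPC `eth_call` and classifies the returned value. The owner and token addresses and the sample response are constructed placeholders, and the RPC endpoint is left to the reader.

```python
import json

# Spender contracts named in the announcement; approvals to these must be revoked.
AFFECTED_SPENDERS = {
    "arbitrum": "0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1",
    "bnb": "0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281",
}
ALLOWANCE_SELECTOR = "dd62ed3e"  # ERC-20 allowance(address,address)
MAX_UINT256 = 2**256 - 1


def _addr_word(address):
    """Validate a 20-byte hex address and left-pad it to a 32-byte ABI word."""
    body = address[2:] if address.lower().startswith("0x") else address
    body = body.lower()
    if len(body) != 40 or any(c not in "0123456789abcdef" for c in body):
        raise ValueError("not a 20-byte hex address: %r" % address)
    return body.rjust(64, "0")


def allowance_request(token, owner, spender, req_id=1):
    """Build the JSON-RPC eth_call body for token.allowance(owner, spender)."""
    _addr_word(token)  # reject malformed token addresses early
    data = "0x" + ALLOWANCE_SELECTOR + _addr_word(owner) + _addr_word(spender)
    return {"jsonrpc": "2.0", "id": req_id, "method": "eth_call",
            "params": [{"to": token, "data": data}, "latest"]}


def classify_allowance(result_hex):
    """Map the uint256 returned by eth_call to none / limited / unlimited."""
    body = result_hex[2:] if result_hex.startswith("0x") else result_hex
    if len(body) != 64:
        raise ValueError("expected one 32-byte word, got %r" % result_hex)
    value = int(body, 16)
    if value == 0:
        return "none"
    return "unlimited" if value == MAX_UINT256 else "limited"


if __name__ == "__main__":
    owner = "0x" + "22" * 20   # constructed wallet address
    token = "0x" + "11" * 20   # constructed ERC-20 address
    request = allowance_request(token, owner, AFFECTED_SPENDERS["arbitrum"])
    print(json.dumps(request, indent=2))   # POST this to an Arbitrum RPC endpoint
    sample = "0x" + "f" * 64               # constructed response: unlimited approval
    print("allowance:", classify_allowance(sample))
```

Any result other than `none` means the approval is still live; it is cleared by sending the token's standard `approve(spender, 0)` from the owner wallet.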
RIZ markets on @BNBCHAIN and @arbitrum were temporarily paused due to RIZ and dLP contracts interacting with compromised addresses. A fix has since been developed and thoroughly audited by @BlockSecTeam to verify its security and effectiveness.
After Radiant's recent attack, a new multi-signature configuration and additional security measures have been implemented, which increase the time needed for upgrades but ensure a higher level of protection for the protocol. The required fix is now moving through a 72-hour time lock. Once this period concludes, RIZ markets are expected to come back online later this week.
To assist users at risk of liquidation, a 24-hour grace period will take effect once RIZ markets are unpaused. During this time, the liquidation threshold will be set to 95%, allowing users whose health factors are close to 1 the chance to either repay their debt or add collateral. After 24 hours, the liquidation threshold will return to its previous setting, and users who haven’t made adjustments may risk liquidation.
Stay tuned for announcements in the coming days, and remember to take the necessary steps to protect your positions once the grace period begins.