Radiant Capital
@RDNTCapital
Radiant is building the first omnichain money market atop LayerZero. Deposit & borrow across multiple chains, seamlessly.
Követés
Követők
Kedvelve
Megosztva
🌟 Happy New Year! 🥂
Radiant is deeply grateful for the unwavering support and trust shown by the community during the most challenging of times.
As the new year begins, this moment is embraced as an opportunity to rebuild, grow, and look toward the future with renewed strength, resilience, and a shared commitment to overcoming obstacles, with the community leading the way.
Radiant is deeply grateful for the unwavering support and trust shown by the community during the most challenging of times.
As the new year begins, this moment is embraced as an opportunity to rebuild, grow, and look toward the future with renewed strength, resilience, and a shared commitment to overcoming obstacles, with the community leading the way.
An update on current goals and activities:
1️⃣ Lost funds recovery and soliciting bailout funds: Efforts are ongoing, but no significant progress or positive updates have been achieved yet.
2️⃣ Remediation plans: A consolidated community proposal is set to make a second journey to a DAO vote. Following a council review and reconciliation phase, a smoother process is anticipated. Community members are encouraged to participate in a survey to determine which of the three recommended options should be implemented:
🔗 https://t.co/voe77X94lu
The current focus is on lost deposits and recapitalizing the protocol to establish a viable foundation, allowing modest reimbursements as a starting point for a long-term recovery. Efforts to recover lost funds or secure bailout resources would further enhance this process. A comprehensive plan for recapitalization, revitalization, and remediation could potentially attract partnerships, new capital, and bailout funds.
A separate proposal addressing unlimited approval losses is expected to be drafted in Q1. This remains a complex and sensitive matter to navigate.
3️⃣ Council election: Another proposal is in the community collaboration stage and will soon begin the governance process to elect a new community council, replacing the inaugural one as outlined in the DAO by-laws. This council election is scheduled to occur annually thereafter.
💭
1️⃣ Lost funds recovery and soliciting bailout funds: Efforts are ongoing, but no significant progress or positive updates have been achieved yet.
2️⃣ Remediation plans: A consolidated community proposal is set to make a second journey to a DAO vote. Following a council review and reconciliation phase, a smoother process is anticipated. Community members are encouraged to participate in a survey to determine which of the three recommended options should be implemented:
🔗 https://t.co/voe77X94lu
The current focus is on lost deposits and recapitalizing the protocol to establish a viable foundation, allowing modest reimbursements as a starting point for a long-term recovery. Efforts to recover lost funds or secure bailout resources would further enhance this process. A comprehensive plan for recapitalization, revitalization, and remediation could potentially attract partnerships, new capital, and bailout funds.
A separate proposal addressing unlimited approval losses is expected to be drafted in Q1. This remains a complex and sensitive matter to navigate.
3️⃣ Council election: Another proposal is in the community collaboration stage and will soon begin the governance process to elect a new community council, replacing the inaugural one as outlined in the DAO by-laws. This council election is scheduled to occur annually thereafter.
💭
Radiant Capital Community Report 2 - Economic Ideas has been posted in the feedback section of the forum
It is a comprehensive proposal to ensure Radiant’s stability, recovery, and long-term growth.
This plan introduces a thoughtfully and strategically designed 10% RDNT mint to restore liquidity, compensate hack victims, and reignite the protocol’s growth flywheel - with only 16.6% (1.6% total supply) sell pressure over 1-2 years for OpEx.
With transparency and sustainability at its core, the proposal prioritizes stability for the protocol, innovative financial mechanisms for recovery, and robust strategies to drive TVL growth.
This is a pivotal moment for Radiant, and your voice matters. Help the DAO refine this logical and strategic path forward. Together, Radiant’s future can be secured! 🌟
💬 Review and share your feedback here:
It is a comprehensive proposal to ensure Radiant’s stability, recovery, and long-term growth.
This plan introduces a thoughtfully and strategically designed 10% RDNT mint to restore liquidity, compensate hack victims, and reignite the protocol’s growth flywheel - with only 16.6% (1.6% total supply) sell pressure over 1-2 years for OpEx.
With transparency and sustainability at its core, the proposal prioritizes stability for the protocol, innovative financial mechanisms for recovery, and robust strategies to drive TVL growth.
This is a pivotal moment for Radiant, and your voice matters. Help the DAO refine this logical and strategic path forward. Together, Radiant’s future can be secured! 🌟
💬 Review and share your feedback here:
Feedback 101: Deploying Merged Claim Contracts for Radiant Depositor Reimbursement is up on the forum.
This proposed remediation plan represents a complete rewrite of Novin 's feedback 47a and RFP Idea 47a after collaboration with the council. This version introduces enough new ideas that warrant another full collaboration cycle with the community as feedback for a few more weeks over this holiday period to afford ample time for the community to inform the DAO on which of the proposed options should be implemented.
Note: This proposal focuses only on remediation of the core market losses. A separate follow-on proposal will address the unlimited approval losses.
🔗
This proposed remediation plan represents a complete rewrite of Novin 's feedback 47a and RFP Idea 47a after collaboration with the council. This version introduces enough new ideas that warrant another full collaboration cycle with the community as feedback for a few more weeks over this holiday period to afford ample time for the community to inform the DAO on which of the proposed options should be implemented.
Note: This proposal focuses only on remediation of the core market losses. A separate follow-on proposal will address the unlimited approval losses.
🔗
📢 Draft RFP: Emergency Election for the Radiant Capital Community Council
This draft proposal advocates for an emergency Community Council Election to restore trust, rebuild Radiant Capital, and secure its long-term future following the devastating 2024 hacks.
The initiative focuses on:
• Establishing a decentralized governance structure
• Rebuilding the protocol with security-first principles
• Implementing a community-led roadmap
⚠️ Note: This is not yet an official RFP in the governance process. It is being shared to gather community support and feedback for further improvement before formal submission.
🔗 Read the full proposal here:
This draft proposal advocates for an emergency Community Council Election to restore trust, rebuild Radiant Capital, and secure its long-term future following the devastating 2024 hacks.
The initiative focuses on:
• Establishing a decentralized governance structure
• Rebuilding the protocol with security-first principles
• Implementing a community-led roadmap
⚠️ Note: This is not yet an official RFP in the governance process. It is being shared to gather community support and feedback for further improvement before formal submission.
🔗 Read the full proposal here:
After seeing concerns from some community memebers about @chaos_labs' Risk Oracles being involved in the October incident, Radiant Capital wants to address and clarify these misunderstandings.
The Risk Oracles were not involved in the attack in any way. The confusion may stem from the transaction linked to the incident, which, as outlined in the post-mortem report, was part of a routine action.
The devices were compromised in a way that caused Safe wallet to display legitimate transaction data, while malicious transactions were signed and executed in the background. The transaction in question, related to adjusting deposit and borrow caps based on Chaos Labs' recommendations, had no connection to the exploit's vector. This transaction was simply the one in the queue at the time, but it could have been any other routine transaction.
Chaos Labs remains a vital partner in risk management, and Radiant Capital wants to reassure the community that their Risk Oracles were not part of the exploit. Risk oracles are a great innovation and empower Radiant with real-time risk management. Radiant deeply values the ongoing support from Chaos Labs and looks forward to continuing the collaboration on risk assessment and management.
For further details about the incident, check out the latest updates on Radiant's Medium site:
The Risk Oracles were not involved in the attack in any way. The confusion may stem from the transaction linked to the incident, which, as outlined in the post-mortem report, was part of a routine action.
The devices were compromised in a way that caused Safe wallet to display legitimate transaction data, while malicious transactions were signed and executed in the background. The transaction in question, related to adjusting deposit and borrow caps based on Chaos Labs' recommendations, had no connection to the exploit's vector. This transaction was simply the one in the queue at the time, but it could have been any other routine transaction.
Chaos Labs remains a vital partner in risk management, and Radiant Capital wants to reassure the community that their Risk Oracles were not part of the exploit. Risk oracles are a great innovation and empower Radiant with real-time risk management. Radiant deeply values the ongoing support from Chaos Labs and looks forward to continuing the collaboration on risk assessment and management.
For further details about the incident, check out the latest updates on Radiant's Medium site:
December Office Hours
Radiant Capital is resuming monthly sessions to share updates and provide a space for questions and feedback directly from the community.
🎧https://t.co/zUk3A2UtOL
This month’s topics:
• Dev updates: RIZ, emissions, and steps to restart Arbitrum & BNB Core Markets.
• Remediation plans and community proposals.
• Updates on the exploit and the related Medium article.
• New features and assets to support TVL growth.
📥 Submit your questions in advance through Radiant's Discord server.
🗓️ December 17, 1:00 PM EST
Radiant Capital is resuming monthly sessions to share updates and provide a space for questions and feedback directly from the community.
🎧https://t.co/zUk3A2UtOL
This month’s topics:
• Dev updates: RIZ, emissions, and steps to restart Arbitrum & BNB Core Markets.
• Remediation plans and community proposals.
• Updates on the exploit and the related Medium article.
• New features and assets to support TVL growth.
📥 Submit your questions in advance through Radiant's Discord server.
🗓️ December 17, 1:00 PM EST
RDNT emissions have now resumed for RIZ markets on @arbitrum and @BNBCHAIN! 🎉
Following the recent reactivation of RDNT emissions on Base, eligible lenders and borrowers are once again earning RDNT emissions in RIZ markets on Arbitrum and BNB.
As the protocol moves closer to full functionality, the next milestone will be the redeployment of Core markets on these two chains.
Stay tuned for updates through Radiant’s official channels.
Following the recent reactivation of RDNT emissions on Base, eligible lenders and borrowers are once again earning RDNT emissions in RIZ markets on Arbitrum and BNB.
As the protocol moves closer to full functionality, the next milestone will be the redeployment of Core markets on these two chains.
Stay tuned for updates through Radiant’s official channels.
🚨 Radiant Capital Incident Update 🚨
A detailed update on the October 16 incident is now available, with Mandiant’s ongoing investigation attributing the attack with high confidence to a Democratic People’s Republic of Korea (DPRK)-linked threat actor.
The report sheds light on the attacker’s advanced tactics and underscores the urgent need for stronger transaction verification practices across the industry.
📖 Read the full report here:
A detailed update on the October 16 incident is now available, with Mandiant’s ongoing investigation attributing the attack with high confidence to a Democratic People’s Republic of Korea (DPRK)-linked threat actor.
The report sheds light on the attacker’s advanced tactics and underscores the urgent need for stronger transaction verification practices across the industry.
📖 Read the full report here:
RDNT emissions have officially resumed on @base! 🎉
Eligible lenders and borrowers on RIZ and Core markets are now earning RDNT emissions once more.
As the protocol approaches full functionality, the next major milestone will focus on redeploying Core markets on the affected chains — Arbitrum and BNB.
The investigation remains ongoing, and the DAO is working diligently on a compensation plan proposal.
Stay tuned for more updates through Radiant’s official channels.
Eligible lenders and borrowers on RIZ and Core markets are now earning RDNT emissions once more.
As the protocol approaches full functionality, the next major milestone will focus on redeploying Core markets on the affected chains — Arbitrum and BNB.
The investigation remains ongoing, and the DAO is working diligently on a compensation plan proposal.
Stay tuned for more updates through Radiant’s official channels.
Heartfelt THANKS to key service providers
Radiant Capital expresses its deepest gratitude to the remarkable projects that have stood by us during this challenging time.
Special thanks to @chainlink, @AngleProtocol, @chaos_labs, and @immunefi for their unwavering support and collaboration. Your contributions have been essential in helping Radiant navigate this period and focus on building for the future.
The crypto community’s empathy and collaborative spirit are truly inspiring, and Radiant is grateful to have such committed allies on this journey.
Thank you for the continued support—together, the future is brighter.
Radiant Capital expresses its deepest gratitude to the remarkable projects that have stood by us during this challenging time.
Special thanks to @chainlink, @AngleProtocol, @chaos_labs, and @immunefi for their unwavering support and collaboration. Your contributions have been essential in helping Radiant navigate this period and focus on building for the future.
The crypto community’s empathy and collaborative spirit are truly inspiring, and Radiant is grateful to have such committed allies on this journey.
Thank you for the continued support—together, the future is brighter.
RIZ markets on BNB and ARB are now UNPAUSED + 24-hour Grace Period to avoid liquidation!
After completing the necessary fixes, which have also undergone an external review, the RIZ markets are now back online on both chains.
The 24-hour grace period has now started, meaning that the liquidation threshold is set at 95% for this window.
Users who are currently eligible for liquidation can adjust their positions by either repaying or adding collateral during this period.
Before interacting with the Radiant UI, ensure that any outstanding approvals to the affected contracts have been revoked:
ARB: 0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1
BNB: 0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281
Please make sure to take action within the next 24 hours, as after that, the threshold will revert to its default pre-unpause value.
Radiant is working diligently to restore the protocol to full functionality as soon as possible while the investigation and recovery efforts continue.
Keep an eye out for more updates through Radiant's official channels.
After completing the necessary fixes, which have also undergone an external review, the RIZ markets are now back online on both chains.
The 24-hour grace period has now started, meaning that the liquidation threshold is set at 95% for this window.
Users who are currently eligible for liquidation can adjust their positions by either repaying or adding collateral during this period.
Before interacting with the Radiant UI, ensure that any outstanding approvals to the affected contracts have been revoked:
ARB: 0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1
BNB: 0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281
Please make sure to take action within the next 24 hours, as after that, the threshold will revert to its default pre-unpause value.
Radiant is working diligently to restore the protocol to full functionality as soon as possible while the investigation and recovery efforts continue.
Keep an eye out for more updates through Radiant's official channels.
Update on RIZ Market Unpause & Fix Implementation
RIZ markets on @BNBCHAIN and @arbitrum were temporarily paused due to RIZ and dLP contracts interacting with compromised addresses. A fix has since been developed and thoroughly audited by @BlockSecTeam to verify its security and effectiveness.
After Radiant's recent attack, a new multi-signature configuration and additional security measures have been implemented, which increase the time needed for upgrades but ensure a higher level of protection for the protocol. The required fix is now moving through a 72-hour time lock. Once this period concludes, RIZ markets are expected to come back online later this week.
To assist users at risk of liquidation, a 24-hour grace period will take effect once RIZ markets are unpaused. During this time, the liquidation threshold will be set to 95%, allowing users whose health factors are close to 1 the chance to either repay their debt or add collateral. After 24 hours, the liquidation threshold will return to its previous setting, and users who haven’t made adjustments may risk liquidation.
Stay tuned for announcements in the coming days, and remember to take the necessary steps to protect your positions once the grace period begins.
RIZ markets on @BNBCHAIN and @arbitrum were temporarily paused due to RIZ and dLP contracts interacting with compromised addresses. A fix has since been developed and thoroughly audited by @BlockSecTeam to verify its security and effectiveness.
After Radiant's recent attack, a new multi-signature configuration and additional security measures have been implemented, which increase the time needed for upgrades but ensure a higher level of protection for the protocol. The required fix is now moving through a 72-hour time lock. Once this period concludes, RIZ markets are expected to come back online later this week.
To assist users at risk of liquidation, a 24-hour grace period will take effect once RIZ markets are unpaused. During this time, the liquidation threshold will be set to 95%, allowing users whose health factors are close to 1 the chance to either repay their debt or add collateral. After 24 hours, the liquidation threshold will return to its previous setting, and users who haven’t made adjustments may risk liquidation.
Stay tuned for announcements in the coming days, and remember to take the necessary steps to protect your positions once the grace period begins.
https://x.com/i/spaces/1ZkKzRyLRpNKv
📢 Ethereum Markets are Now Unpaused
The @ethereum lending markets have resumed operations following robust security enhancements. Radiant has prioritized a secure return to normal operations, implementing extensive improvements across its framework.
Ownership has now been transferred to a Timelock (TL) contract, as shown in this transaction: https://t.co/8bLQAfEIOO. This TL contract, available here: https://t.co/qGaBcjkuoo, enforces a mandatory 72-hour waiting period on any adjustments, fortifying Radiant’s security stance.
In addition, Radiant has implemented an emergency admin role via a multisig structure, exclusively tasked with pausing and unpausing markets as needed. The DAO has also heightened multisig security, reducing the number of required signers to 7, with a 4-out-of-7 signing threshold.
The @ethereum lending markets have resumed operations following robust security enhancements. Radiant has prioritized a secure return to normal operations, implementing extensive improvements across its framework.
Ownership has now been transferred to a Timelock (TL) contract, as shown in this transaction: https://t.co/8bLQAfEIOO. This TL contract, available here: https://t.co/qGaBcjkuoo, enforces a mandatory 72-hour waiting period on any adjustments, fortifying Radiant’s security stance.
In addition, Radiant has implemented an emergency admin role via a multisig structure, exclusively tasked with pausing and unpausing markets as needed. The DAO has also heightened multisig security, reducing the number of required signers to 7, with a 4-out-of-7 signing threshold.
🚨 Security PSA 🚨
To ensure maximum wallet security, this is a reminder to revoke Token approvals!
Visit @RevokeCash or use @Rabby_io to revoke permissions you no longer need. This simple step can help safeguard your assets in the event of an unforeseen exploit. Stay safe!
To ensure maximum wallet security, this is a reminder to revoke Token approvals!
Visit @RevokeCash or use @Rabby_io to revoke permissions you no longer need. This simple step can help safeguard your assets in the event of an unforeseen exploit. Stay safe!
AMA Announcement
🎧 https://t.co/FtJQ9vqn3h
Following recent events, Isaac and Hung will be hosting an AMA to provide essential updates and address any outstanding questions. This will be the first opportunity to discuss the situation directly and live, and we welcome all questions and concerns from the community.
If you have specific topics you’d like covered, please feel free to submit them in advance through the #feedback channel on Discord.
🗓️ Monday, November 4, 1:00 PM EST
🎧 https://t.co/FtJQ9vqn3h
Following recent events, Isaac and Hung will be hosting an AMA to provide essential updates and address any outstanding questions. This will be the first opportunity to discuss the situation directly and live, and we welcome all questions and concerns from the community.
If you have specific topics you’d like covered, please feel free to submit them in advance through the #feedback channel on Discord.
🗓️ Monday, November 4, 1:00 PM EST
The Radiant DAO aims to provide clarity on the critical areas of focus moving forward:
• Unpausing Base & Mainnet Core Markets: Developers are diligently working to reopen these markets. The code and libraries are being carefully re-checked to ensure everything is secure. A 3-day time lock must be implemented on the LendingPoolAdressProvider, which is under audit by @PashovAuditGrp. This must be completed before the unpause is executed. The current estimated timeline for unpausing markets is 24-36 hours.
• Fixing ARB & BNB dLP Withdrawals and RIZ Functions: Expired dLP and RIZ assets can not withdrawn currently because it has calls to the impacted lending pools, which are paused. Radiant developers and relevant parties are reviewing PR changes that will be executed after the unpause of core markets.
• Redeploying ARB & BNB contracts: After completing the previous tasks, the next focus will be redeploying the ARB and BNB core market contracts, complete with an updated user interface.
• Investigation: As mentioned previously, @zachxbt's analysis points to the likelihood that the exploiter is tied to the 2023 Poly Network exploit. Law enforcement and @zeroshadow_io are working on the ongoing investigation. Radiant contributors are exploring potential recovery options with relevant parties should the exploited funds not be swiftly frozen and returned.
• An AMA is planned in the coming days to address questions and provide further clarity. Feel free to drop any questions in the #feedback channel on Discord so they can be addressed during the AMA.
Thank you for your patience and support during these challenging times. Stay tuned for more updates in the coming days.
• Unpausing Base & Mainnet Core Markets: Developers are diligently working to reopen these markets. The code and libraries are being carefully re-checked to ensure everything is secure. A 3-day time lock must be implemented on the LendingPoolAdressProvider, which is under audit by @PashovAuditGrp. This must be completed before the unpause is executed. The current estimated timeline for unpausing markets is 24-36 hours.
• Fixing ARB & BNB dLP Withdrawals and RIZ Functions: Expired dLP and RIZ assets can not withdrawn currently because it has calls to the impacted lending pools, which are paused. Radiant developers and relevant parties are reviewing PR changes that will be executed after the unpause of core markets.
• Redeploying ARB & BNB contracts: After completing the previous tasks, the next focus will be redeploying the ARB and BNB core market contracts, complete with an updated user interface.
• Investigation: As mentioned previously, @zachxbt's analysis points to the likelihood that the exploiter is tied to the 2023 Poly Network exploit. Law enforcement and @zeroshadow_io are working on the ongoing investigation. Radiant contributors are exploring potential recovery options with relevant parties should the exploited funds not be swiftly frozen and returned.
• An AMA is planned in the coming days to address questions and provide further clarity. Feel free to drop any questions in the #feedback channel on Discord so they can be addressed during the AMA.
Thank you for your patience and support during these challenging times. Stay tuned for more updates in the coming days.
On October 16, 2024, Radiant Capital experienced a highly sophisticated security breach that resulted in the loss of $50 million USD. The attackers exploited multiple developers' hardware wallets through a highly advanced malware injection.
The devices were compromised in such a way that the front-end of @safe{Wallet} (f.k.a. Gnosis Safe) displayed legitimate transaction data while poisoned transactions were signed and executed in the background. This breach occurred during a routine multi-signature emissions adjustment process, which takes place periodically to adapt to market conditions and utilization rates.
The DAO contributors strictly adhered to many industry standard operating procedures throughout the process. Each transaction was simulated for accuracy on Tenderly and individually reviewed by multiple developers at each signature stage. Front-end checks in both Tenderly and Safe showed no anomalies during these reviews.
To underscore the significance of this point, the compromise was completely undetectable during the manual review of the Gnosis Safe UI and Tenderly simulation stages of the routine transaction. This has been confirmed by external security teams, including @_SEAL_Org and @HypernativeLabs.
Radiant Capital has been working very closely with Seal911 and Hypernative and has since implemented stronger multisig controls. The U.S. law enforcement and @zeroshadow_io are fully informed of the breach and are actively working to freeze all stolen assets. The DAO is deeply devastated by this attack and will continue to work tirelessly with the respective agencies to identify the exploiter and recover the stolen funds as quickly as possible.
For the full post-mortem, see:
The devices were compromised in such a way that the front-end of @safe{Wallet} (f.k.a. Gnosis Safe) displayed legitimate transaction data while poisoned transactions were signed and executed in the background. This breach occurred during a routine multi-signature emissions adjustment process, which takes place periodically to adapt to market conditions and utilization rates.
The DAO contributors strictly adhered to many industry standard operating procedures throughout the process. Each transaction was simulated for accuracy on Tenderly and individually reviewed by multiple developers at each signature stage. Front-end checks in both Tenderly and Safe showed no anomalies during these reviews.
To underscore the significance of this point, the compromise was completely undetectable during the manual review of the Gnosis Safe UI and Tenderly simulation stages of the routine transaction. This has been confirmed by external security teams, including @_SEAL_Org and @HypernativeLabs.
Radiant Capital has been working very closely with Seal911 and Hypernative and has since implemented stronger multisig controls. The U.S. law enforcement and @zeroshadow_io are fully informed of the breach and are actively working to freeze all stolen assets. The DAO is deeply devastated by this attack and will continue to work tirelessly with the respective agencies to identify the exploiter and recover the stolen funds as quickly as possible.
For the full post-mortem, see: