Skip to main content
Sign in
Radiant V21 decision on this page

Audit log

Every state-changing event for Radiant V2: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-19 21:12:24Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 420,848,175
    sig
    39AwoPtH4Y1Q…m7XjkKytexplorer ↗
    hash
    BBbf816uKC6j…L8kXevP4sha256 → base58
    verifying row…full verify ↗
    canonical bytes (6214 B) ▸
    {"actor":"system:backfill","investigation_id":"7d00d907-ddca-4513-9bdc-f3e52a5766e5","kind":"publish","page_slug":"radiant-v2","published_at":"2026-05-19T21:12:24.558Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Radiant V2","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.nansen.ai/post/what-is-radiant-capital-cross-chain-defi-explained"},{"credibility":3,"name":"","type":"other","url":"https://www.datawallet.com/crypto/radiant-capital-explained"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://medium.com/@RadiantCapital/radiant-capital-incident-update-e56d8c23829e"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-radiant-capital-hack-october-2024"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2024/10/16/radiant-capital-loses-50m-to-blockchain-exploit"},{"credibility":3,"name":"","type":"other","url":"https://decrypt.co/287162/radiant-capitals-50m-breach-among-most-sophisticated-hacks-in-defi-history"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/@RadiantCapital/radiant-post-mortem-fecd6cd38081"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/radiant-capital-lending-protocol-flash-loan-attack-arbitrum"},{"credibility":3,"name":"","type":"other","url":"https://www.cryptopolitan.com/radiant-capital-repayment-flash-loan-exploit/"},{"credibility":3,"name":"","type":"other","url":"https://blog.quillaudits.com/trending/radiant-capital-hack-analysis/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://coincentral.com/radiant-capital-hacker-launders-10-8m-through-tornado-cash-mixer/"},{"credibility":3,"name":"","type":"other","url":"https://crypto.news/radiant-capital-hack-funds-shift-as-13m-in-eth-swapped-for-dai/"},{"credibility":3,"name":"","type":"other","url":"https://news.shib.io/2024/10/24/radiant-capital-hacker-transfers-52m-in-stolen-funds-to-ethereum/"},{"credibility":3,"name":"","type":"other","url":"https://crypto.news/radiant-capital-hacker-doubles-funds-eth-trading-2025/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2024/12/09/radiant-capital-says-north-korean-hackers-behind-50-million-attack-in-october"},{"credibility":3,"name":"","type":"other","url":"https://www.bleepingcomputer.com/news/security/radiant-links-50-million-crypto-heist-to-north-korean-hackers/"},{"credibility":3,"name":"","type":"other","url":"https://www.securityweek.com/radiant-capital-50-million-heist-blamed-on-north-korean-hackers/"},{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/north-korea-radiant-capital-hack/"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/@RadiantCapital/radiant-capital-incident-update-e56d8c23829e"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-radiant-capital-hack-october-2024"},{"credibility":3,"name":"","type":"other","url":"https://cryptoslate.com/radiant-capital-teams-with-us-law-enforcement-after-50m-defi-hack/"},{"credibility":3,"name":"","type":"other","url":"https://coincentral.com/radiant-capital-hacker-launders-10-8m-through-tornado-cash-mixer/"}]}],"sources_used":[],"summary":"Radiant Capital is a decentralized cross-chain lending protocol built on LayerZero that suffered two significant security incidents in 2024: a $4.5 million flash loan exploit in January 2024 and a far more devastating $50 million multisig compromise in October 2024. The October hack, attributed by Mandiant with high confidence to North Korean state-sponsored group UNC4736 (Citrine Sleet / AppleJeus), involved a months-long social engineering campaign, macOS malware deployment on developer devices, and manipulation of hardware wallet signing interfaces to drain funds across BNB Chain and Arbitrum.","timeline":[{"date":"2022-07-01","event":"Radiant Capital launches RDNT token on Arbitrum via Sushiswap fair launch.","source":""},{"date":"2024-01-02","event":"Flash loan exploit drains $4.5 million ETH from newly activated USDC market on Arbitrum via rounding error in liquidityIndex calculation.","source":""},{"date":"2024-01-03","event":"Radiant pauses Arbitrum lending and borrowing markets; promises post-mortem and user repayment.","source":""},{"date":"2024-09-11","event":"North Korean UNC4736 attacker sends malicious Telegram message to Radiant developer, impersonating a former contractor; INLETDRIFT macOS malware deployed via ZIP file.","source":""},{"date":"2024-10-16","event":"Attackers exploit compromised hardware wallets of at least 3 of 11 multisig signers to execute transferOwnership() on LendingPoolAddressesProvider; approximately $50–53 million drained from BSC and Arbitrum markets. Backdoor removed within 3 minutes of theft.","source":""},{"date":"2024-10-17","event":"Radiant publishes initial post-mortem; engages Mandiant, zeroShadow, Hypernative, and SEAL 911.","source":""},{"date":"2024-10-24","event":"On-chain tracking confirms hacker bridges $52M in stolen funds to Ethereum.","source":""},{"date":"2024-12-06","event":"Radiant Capital publishes updated incident report attributing attack to UNC4736 (North Korea) based on Mandiant forensic analysis.","source":""},{"date":"2024-12-09","event":"Public attribution of attack to DPRK-linked UNC4736 / Citrine Sleet / AppleJeus group reported by major media.","source":""},{"date":"2025-08-01","event":"On-chain monitors observe hacker actively trading stolen ETH and DAI; stolen portfolio value reportedly grows from $53M to over $94M through ETH appreciation and active arbitrage.","source":""},{"date":"2025-10-01","event":"Hacker deposits 2,834.6 ETH (approximately $10.8M) into sanctioned mixer Tornado Cash, substantially reducing recovery prospects.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision c9836dd6-a508-4ed4-aea3-6ce6c7c6822c
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.