In October 2024, Radiant Capital, a DAO-governed cross-chain lending protocol, suffered an exploit that led to the loss of over $50 million USD — making it one of the most notable DeFi security failures to date. While the protocol itself ran on Arbitrum and BNB Chain, the breach wasn’t your typical DeFi hack — it was the result of a targeted social engineering attack that compromised the very people entrusted with safeguarding the DAO’s assets.

What Happened Inside the Attack

The exploit began with a malware-laced PDF. Hackers impersonated a former contractor and sent the infected files to Radiant DAO contributors. Once opened, the malware compromised the developers’ hardware wallets and tampered with their Gnosis Safe multisig interface.

Radiant’s treasury was secured by an 11-member multisig with a 3-signature threshold. The attackers compromised exactly three members. When a routine emissions update was scheduled, the hackers injected a malicious transaction disguised as standard admin activity—silently transferring ownership of key smart contracts.

With full control in hand, the attackers swiftly drained user funds across Arbitrum and BNB Chain. By the time the DAO caught on, the damage was done.
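The core of the attack described above is that signers approved a transaction whose real content (an ownership transfer) differed from what a tampered wallet interface showed them (a routine emissions update). The defensive counterpart is to check the raw Safe transaction fields on an independent device against the proposal the signers actually agreed to, before anyone signs. The following is an added example written for this article, not Radiant's or Safe's own code; the contract addresses, the emissions-update selector and the sample transactions are constructed, while the `transferOwnership`, `transfer` and `approve` selectors are the well-known OpenZeppelin/ERC-20 values.

```python
"""
Independent pre-signature review of a Safe (Gnosis Safe) transaction.

Assumption: the signer can obtain the raw fields (to, value, data, operation)
from a source other than the possibly tampered wallet UI, such as a second
machine or the Safe transaction service, and compares them with the approved
proposal before producing a signature.
"""
from dataclasses import dataclass

# Well-known 4-byte selectors (first 4 bytes of keccak256 of the signature).
SEL_TRANSFER_OWNERSHIP = bytes.fromhex("f2fde38b")  # transferOwnership(address), OpenZeppelin Ownable
SEL_ERC20_TRANSFER = bytes.fromhex("a9059cbb")      # transfer(address,uint256)
SEL_ERC20_APPROVE = bytes.fromhex("095ea7b3")       # approve(address,uint256)
# Constructed placeholder for the protocol's emissions-update function; a real
# deployment derives it from the contract's actual ABI signature.
SEL_SET_EMISSIONS = bytes.fromhex("deadbeef")

CALL, DELEGATECALL = 0, 1

# Constructed addresses for the example.
EMISSIONS_CONTROLLER = "0x1111111111111111111111111111111111111111"
ATTACKER_EOA = "0x2222222222222222222222222222222222222222"


@dataclass(frozen=True)
class SafeTx:
    to: str          # hex address of the target contract
    value: int       # wei sent with the call
    data: bytes      # raw calldata
    operation: int   # 0 = CALL, 1 = DELEGATECALL


# Policy: the (target, selector) pairs the signers expect for this proposal.
EXPECTED = {(EMISSIONS_CONTROLLER.lower(), SEL_SET_EMISSIONS)}


def selector(data: bytes) -> bytes:
    """First four bytes of calldata, or empty if there is no function call."""
    return data[:4] if len(data) >= 4 else b""


def decode_address_arg(data: bytes, index: int) -> str:
    """Decode the index-th static 32-byte ABI word after the selector as an address."""
    start = 4 + 32 * index
    word = data[start:start + 32]
    if len(word) != 32:
        raise ValueError(f"calldata too short for argument {index}")
    return "0x" + word[12:].hex()   # address is right-aligned in the 32-byte word


def review(tx: SafeTx) -> list[str]:
    """Return findings a signer must read before signing; empty means the tx matches the proposal."""
    findings = []
    if tx.operation == DELEGATECALL:
        findings.append("DELEGATECALL: arbitrary code would run in the Safe's own storage context")
    if tx.value != 0:
        findings.append(f"non-zero value: {tx.value} wei would leave the Safe")
    sel = selector(tx.data)
    if sel == SEL_TRANSFER_OWNERSHIP:
        findings.append(f"ownership transfer of {tx.to} to {decode_address_arg(tx.data, 0)}")
    elif sel in (SEL_ERC20_TRANSFER, SEL_ERC20_APPROVE):
        findings.append(f"token transfer/approval on {tx.to} to {decode_address_arg(tx.data, 0)}")
    if (tx.to.lower(), sel) not in EXPECTED:
        findings.append(f"target/selector {tx.to} 0x{sel.hex()} is not part of the approved proposal")
    return findings


# Constructed sample: what the signers were told they were approving.
CONSTRUCTED_EMISSIONS_TX = SafeTx(
    to=EMISSIONS_CONTROLLER, value=0,
    data=SEL_SET_EMISSIONS + (1000).to_bytes(32, "big"), operation=CALL,
)
# Constructed sample: the same target, but the calldata hands ownership to another address.
CONSTRUCTED_HIJACK_TX = SafeTx(
    to=EMISSIONS_CONTROLLER, value=0,
    data=SEL_TRANSFER_OWNERSHIP + bytes(12) + bytes.fromhex(ATTACKER_EOA[2:]), operation=CALL,
)

if __name__ == "__main__":
    for label, tx in (("emissions update", CONSTRUCTED_EMISSIONS_TX), ("disguised tx", CONSTRUCTED_HIJACK_TX)):
        print(label, "->", review(tx) or ["OK: matches approved proposal"])
```

The check is deliberately dumb: it never trusts a decoded summary from the wallet, only the raw bytes, and it treats any target/selector pair outside the approved proposal as a blocking finding. Running it on a machine that is not the one showing the wallet UI is what gives it value against the interface tampering described above.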

Governance as an Attack Surface

Radiant’s multisig was designed to reflect decentralization. In practice, it became a single point of failure.

With no real-time detection or emergency response mechanisms in place, the DAO couldn’t react in time. The attack revealed a brutal truth: for all its promise of “trustless” systems, DAO governance still hinges on human access and operational discipline.

And Radiant is far from the only protocol exposed. Many DAOs today still operate without:

  1. Sufficient multisig thresholds

  2. Incident response playbooks

  3. Legal protections for contributors

  4. Risk transfer mechanisms like insurance

When operational control is this easily compromised, decentralization becomes a dangerous illusion.

What It Means for DeFi Projects

Radiant’s collapse wasn’t just a breach — it was a warning shot to every DAO out there.

If you’re building in Web3, ask yourself:

  1. Are our governance parameters hardened against social engineering?

  2. Who bears the risk when admin keys are compromised?

  3. Do we have insurance or advisory partners to help in crisis?

In DeFi, it’s not just about protecting smart contracts. It’s about securing the humans who govern them.

Where Continuum Comes In

For incidents like Radiant’s, here are key insurance solutions that matter:

Crime Insurance: Covers treasury reserves and wallets against insider fraud, theft, or key compromise — critical for multisig and delegated setups.

Tech PI (Professional Indemnity) with Cyber: Responds to smart contract bugs, protocol failures, or downtime that affect users or partners. Especially vital when platform logic goes wrong.

Directors & Officers (D&O) Insurance: Shields founders, contributors, and DAO delegates from personal liability during governance missteps, lawsuits, or disputes — turning legal risks into managed ones.

Slashing or Validator Insurance: Useful for staking-based models or automated execution environments. Protects against wrongful triggers, downtime, or network-level penalties.

Startup Insurance: Bundled general coverage for early-stage DeFi teams — including liability, office-related, and business interruption cover during chaotic events like smart contract exploits.

At Continuum, we work with protocols, DAOs, and DeFi infrastructure players to translate protocol risk into insurance strategy — because exploits don’t just test your code, they test your credibility.