
Hacker Behind Radiant Capital Breach Launders $10.8 Million via Tornado Cash

2 weeks ago

Radiant Capital Breach Overview

The hacker responsible for the Radiant Capital breach has sent 2,834 ETH to the mixing service Tornado Cash. The transfer comes a year after the attack on the lending system, which cost the targeted protocol $53 million.

Funds Laundering and Transaction Details

According to CertiK, an on-chain analysis platform, the hacker has managed to launder approximately $10.8 million in Ethereum via Tornado Cash, compounding the challenge for investigators and regulatory bodies attempting to trace the illicit funds.

The funds reportedly originated from various bridge protocols, including Stargate Bridge, Synapse Bridge, and Drift FastBridge. Initially, large quantities of ETH were funneled into an intermediary wallet identified by the address starting with 0x4afb. From there, these assets were dispersed across several smaller transactions, with one prominent transfer of 2,236 ETH moving from 0x4afb to another wallet, 0x3fe4, and subsequently shifting through a network of additional Ethereum addresses.

In August 2025, the hacker converted up to 3,091 ETH into DAI stablecoins, amounting to about 13.26 million USD, before cycling the stablecoins through various wallets and eventually converting them back into ETH. This activity culminated in the hacker depositing 2,834 ETH into Tornado Cash, thereby making these funds even more difficult to trace.

Hacker’s Portfolio and Recovery Efforts

Prior to this deposit, the hacker held a substantial portfolio, including 14,436 ETH and approximately 35.29 million DAI, collectively valued at around $94.63 million. Since the hack, Radiant Capital has sought assistance in its recovery efforts from the FBI, and from Chainalysis and other blockchain security firms such as SEAL911 and ZeroShadow. However, with the recent deposits into mixers, the likelihood of retrieving the stolen funds has diminished significantly.

Details of the Exploit

The exploit on Radiant Capital took place on October 16, 2024, and affected both the ARB and BSC networks. The attacker took control of the multi-signature wallet permissions, which enabled a swap of the lending pool’s implementation contract to divert the funds. The attacker employed INLETDRIFT, malware that specifically targets macOS devices. After the initial theft, the stolen assets amounted to 21,957 ETH, worth $53 million at the time. Over nearly a year, the hacker’s fortunes doubled, culminating in a valuation of $94 million due to the increasing price of Ethereum.

Potential Links to Cybercriminal Groups

A comprehensive report from Mandiant speculated that the attacker may have links to North Korean hacking factions, implicating the AppleJeus group, which is associated with the nation’s cyber activities. This breach follows an earlier incident at Radiant Capital, a smaller flash loan exploit that cost the protocol $4.5 million, highlighting ongoing vulnerabilities in its security processes.
