The hacker behind last year’s $53 million Radiant Capital breach has nearly doubled the loot’s value through strategic Ethereum trades.
On Aug. 19, on-chain analyst EmberCN reported that the attacker sold 9,631 ETH at an average price of $4,562 for 43.9 million DAI, then later repurchased 2,109.5 ETH for $8.64 million DAI after prices dipped to $4,096.
The exploiter’s wallet now holds 14,436 ETH and 35.29 million DAI—worth about $94.63 million—marking a gain of over $41 million from the stolen funds’ original value. Blockchain analytics firm Lookonchain attributed much of the increase to the decision to keep the majority of assets in ETH during its price surge.
From $53M Hack to $94M Windfall
The October 2024 hack of Radiant Capital, a cross-chain DeFi protocol, ranked among the year’s most severe exploits. The attacker infiltrated the core team’s multisignature wallet using a macOS-targeted malware strain known as INLETDRIFT, draining tokens from lending pools on both Arbitrum (ARB) and BNB Chain.
The stolen funds were swiftly converted into 21,957 ETH—worth about $53 million at the time, with Ethereum trading near $2,500. Instead of cashing out, the hacker held onto the ETH as its value rose, and in recent weeks made a series of trades to boost exposure even further.
Radiant Capital Exploit: Attribution and Lingering Risks
Some blockchain security analysts have tied the Radiant Capital exploit to North Korea’s AppleJeus group, a hacker collective notorious for targeting exchanges and DeFi platforms. Following the breach, Radiant Capital collaborated with the FBI, Chainalysis, and security firms including SEAL911 and ZeroShadow, though chances of recovering the stolen funds remain low as the assets continue to circulate through Ethereum-based trades.
The October attack was Radiant’s second exploit in 2024, coming after a $4.5 million flash loan incident earlier that year, and highlighted the ongoing vulnerabilities across DeFi—a sector that has already suffered steep losses in 2025.
With control of more than $94 million, the attacker’s next moves are being tracked closely by investigators and market watchers alike.
