The attacker behind last year’s Radiant Capital exploit has nearly doubled their haul, turning stolen funds into a massive profit.
In an August 14 post on X, blockchain analytics firm Lookonchain revealed that the exploiter grew their $53 million loot into roughly $102.5 million — a 93.5% gain — by patiently holding and strategically selling Ethereum.
After the October 2024 hack, the attacker converted all stolen assets into 21,957 ETH. They remained inactive for months before reemerging on August 12, capitalizing on ETH’s rally. The exploiter sold 9,631 ETH for $43.9 million in DAI, at an average price of $4,562.
The stolen stablecoins were transferred to a separate wallet, leaving the attacker with around 12,326 ETH. With Ethereum’s recent surge to just under $4,750 at the time of writing, those remaining holdings are now worth about $58.6 million — a 3% increase in the past 24 hours.
By holding ETH for nearly ten months, the exploiter boosted their original $53 million haul by roughly $49.5 million. Rather than cashing out immediately, they opted for a gradual sell-off, signaling a calculated long-term exit strategy.
The Radiant Capital breach ranks among the most damaging crypto heists of 2024. Despite extensive recovery efforts, the stolen assets remain out of reach — and the attacker’s latest moves suggest they may be gone for good.
The Radiant capital hack
In October, attackers carried out a sophisticated social engineering scheme, posing as a former Radiant Capital contractor on Telegram. They sent the team a zip file disguised as a PDF, which contained macOS malware designed to alter transaction displays and trick developers into signing malicious smart contract calls.
Blockchain security analysts later linked the breach to AppleJeus, a North Korea-affiliated hacking group known for targeting the crypto sector, and believed to operate alongside the infamous Lazarus Group.
By exploiting routine transaction resubmissions, the attackers collected enough compromised signatures to seize control of Radiant’s lending pools on both Arbitrum and Binance Smart Chain — leading to substantial losses.
The incident highlights a growing wave of targeted cyberattacks in the industry. In 2025 alone, more than $3.1 billion has already been stolen through scams and hacks, as threat actors continue refining their techniques to outpace evolving security measures — underscoring the urgent need for stronger, coordinated defenses.
