Radiant Capital hacker moves $52M in stolen funds

Addresses linked to the Radiant Capital exploit have shifted nearly all of the stolen funds to Ethereum on a possible path to obfuscation.
Addresses linked to the Radiant Capital exploit have shifted nearly all of the stolen funds to Ethereum on a possible path to obfuscation.

The hacker behind the recent theft from decentralized finance (DeFi) protocol Radiant Capital has moved almost all of the stolen funds from layer-2 protocols to Ethereum in a possible move toward obscuring its location. 

On Oct. 24, blockchain security firm PeckShield reported that addresses linked to the Radiant Capital exploiter have bridged “nearly all” of the ill-gotten crypto from the exploit from layer-2 network Arbitrum and the Binance BNB Chain to the Ethereum network.

The total amount moved was about 20,500 Ether (ETH) worth around $52 million, PeckShield noted

On Oct. 23, Radiant Capital reminded users to secure their wallets by revoking approvals to affected smart contracts. 

“Failing to do so puts your funds at risk of being drained,” it warned. 

The cross-chain DeFi lending protocol halted its lending markets after it was exploited for more than $50 million in the cybersecurity breach on Oct. 16. 

Hackers

Movement of stolen crypto from Radiant Capital. Source: PeckShield 

Still, this wasn’t a regular smart contract exploit. On Oct. 18, the team released a post-mortem of the incident revealing that the attackers compromised the devices of at least three core developers at Radiant through a “sophisticated malware injection,” enabling them to control the multisignature wallet.   

Radiant Capital is a DeFi platform that allows users to earn interest and borrow assets across multiple blockchain networks such as Ethereum, BNB Chain, and Arbitrum. Its total value locked has tanked 66% since the exploit and is currently around $24 million, according to DefiLlama. 

It is not the first time Radiant Capital has been compromised this year. In January, the platform halted lending markets following a $4.5 million flash loan exploit. 

Related: Crypto security firm mistakenly shares drainer link to ‘help’ Radiant hack victims

Hackers and cybercriminals often use Ethereum as a stepping stone to obfuscating their ill-gotten gains through mixers such as Tornado Cash. 

This has been the primary method used in previous crypto hacks and exploits this year such as WazirX, CoinStats, Orbit Chain, Pancake Bunny, Unizen and Penpie.

Speaking to Cointelegraph earlier this year, PeckShield confirmed that “Swapping to Ether quickly can help the hacker secure their funds before any preventative measures are taken by authorities or the issuers of centralized tokens.” 

PeckShield reported that cumulative losses from crypto hacks exceeded $120 million in September. It was the second-lowest monthly loss in 2024. 

Magazine: Fake Rabby Wallet scam linked to Dubai crypto CEO and many more victims