Quick Breakdown
- Radiant Capital hacker laundered $10.8M ETH through Tornado Cash, a year after the $53M exploit.
- The attacker’s total portfolio now stands at nearly $94M, boosted by strategic trades.
- Investigators suspect North Korean ties, complicating global recovery efforts.
Hacker launders stolen ETH through Tornado Cash
The Radiant Capital hacker has resurfaced a year after the platform’s major lending pool exploit, moving 2,834 ETH—worth approximately $10.8 million—into the crypto mixer Tornado Cash. According to blockchain security firm CertiK, the laundering operation further obscures the trail of the stolen assets, making recovery efforts increasingly difficult.
Radiant Capital exploiter has deposited 2834.6 ETH (~$10.8M) into Tornado Cash. EOA 0x4afb received 2213.8 ETH bridged from Arbitrum in Oct 2024, and the extra ETH came from swapping to DAI then back.
On 16 October 2024, Radiant Lending Pool was drained on…
— CertiK Alert (@CertiKAlert) October 23, 2025
CertiK’s on-chain data revealed that the stolen funds were funneled through bridge networks including Stargate Bridge, Synapse Bridge, and Drift FastBridge before consolidating into an intermediary Ethereum address starting with 0x4afb. From there, the attacker distributed funds through multiple smaller wallets to conceal transaction patterns.
Swaps between DAI and ETH deepen the trail
By August 2025, the exploiter reportedly offloaded around 3,091 ETH, exchanging them for 13.26 million DAI stablecoins. The tokens were later transferred across several wallets before being reconverted into ETH. The hacker then deposited 2,834 ETH into Tornado Cash, effectively breaking the on-chain traceability of the funds.
Prior to the mixer transactions, the hacker’s wallets collectively held 14,436 ETH and 35.29 million DAI, valued at roughly $94.6 million.
Radiant’s long recovery battle
Radiant Capital has been collaborating with the FBI, Chainalysis, and web3 security outfits including SEAL911 and ZeroShadow to recover the stolen assets. Despite continuous tracing efforts, the likelihood of fund recovery appears slim following the latest laundering activity.
The attack, which occurred on October 16, 2024, exploited vulnerabilities in Radiant’s multi-signature wallets, allowing the hacker to seize control of 3 out of 11 signer permissions. They replaced the lending pool’s implementation contract, draining $53 million from the Arbitrum (ARB) and BNB Chain (BSC) networks.
Cybersecurity firm Mandiant later linked the breach to AppleJeus, a North Korea-affiliated hacking group known for targeting DeFi protocols. The exploit was Radiant’s second in 2024, following a smaller $4.5 million flash loan attack earlier in the year.