Hacker Behind Radiant Capital Exploit Moves $52M in Stolen Funds to Ethereum

Eight days after the security decentralized finance (DeFi) protocol, Radiant Capital, was hacked, the attacker moved nearly all of the stolen funds. The hacker transferred the stolen crypto from layer-2 networks to Ethereum.

$52M Worth of Stolen Funds Moved

According to an alert shared by the blockchain security firm PeckShield on Thursday, wallet addresses associated with the Radiant Capital hacker bridged the stolen crypto from Arbitrum and BNB Chain to Ethereum. The hacker has moved around 20,500 ETH worth approximately $52 million.

#PeckShieldAlert #RadiantCapital Exploiter -labeled addresses have bridged nearly all stolen funds from #Arbitrum and #BNBChain to #Ethereum, totaling ~20.5K $ETH (worth ~$52M). pic.twitter.com/JquCL84hZl

— PeckShieldAlert (@PeckShieldAlert) October 24, 2024

Blockchain security experts believe the move is a technique used by hackers to secure their stolen crypto and later obfuscate the ill-gotten funds using crypto mixers like Tornado Cash. Hackers behind some of the biggest crypto exploits this year have also used this technique, including the hacker behind the Penpei exploit.

Radiant Capital Moves to Prevent Further Losses

On Oct. 16, Radiant Capital, a DeFi platform that enables cross-chain lending and borrowing, suffered a major exploit that saw the attackers steal over $50 million worth of crypto assets. In a post-mortem report released by the team on Oct. 18, it was revealed that the hackers had gained access to the protocol by compromising the devices of at least three core Radiant Capital developers.

The attackers executed a “sophisticated malware injection,” which allowed them to control the multisignature wallet. Upon gaining control, they quickly siphoned the funds before the exploit could be detected as the protocol was undergoing “a routine multi-signature emissions adjustment process” at the time of the attack.

Immediately after the hack, Radiant halted its lending markets and has been taking proactive measures to prevent further losses and track down the attackers.

On Oct. 23, the DeFi lender reminded users to secure their wallets. Radiant urged users to revoke approvals to affected smart contracts, adding that failure to do so puts their funds at risk of being drained.