Radiant Capital hacker moves $10.8 million to Tornado Cash

The Radiant Capital hacker recently deposited 2,834 ETH into the mixer protocol Tornado Cash, a year after exploiting the project’s credit pool, which resulted in a $53 million loss.

Summary

  • The Radiant Capital hackers have laundered more than $10.8 million worth of Ethereum through Tornado Cash, making it increasingly difficult for authorities to trace the stolen funds.
  • Investigators suspect the North Korea-affiliated group AppleJeus was behind the Radiant Capital attack; the stolen assets have since grown from $53 million to nearly $94 million through subsequent transactions.

According to on-chain monitoring platform CertiK, the hacker laundered approximately $10.8 million worth of Ethereum through the mixer platform Tornado Cash. Combined with the additional ETH gained from previous transactions and swaps to DAI, this move makes it even more difficult for on-chain sleuths and authorities to track down the stolen funds.

According to a CertiK graphic, the funds were originally received from bridge addresses such as Stargate Bridge, Synapse Bridge, and Drift FastBridge, showing how the attackers initially moved large amounts of Ethereum (ETH) to an intermediary address starting with 0x4afb.

From the main wallet, the attackers began distributing funds through a series of smaller transfers. One notable path moves 2,236 ETH from 0x4afb to 0x3fe4 before moving the funds through three more Ethereum wallets.

The Radiant Capital hacker moved the stolen money through a series of wallets before depositing some of the money into Tornado Cash | Source: CertiK

In August 2025, the hackers offloaded 3,091 ETH and swapped it for 13.26 million USD-backed DAI (DAI) stablecoins. They then moved the DAI tokens through a series of other wallets before exchanging them back into ETH, and finally deposited 2,834 ETH into the crypto mixer Tornado Cash, effectively making the funds untraceable.

Before the Tornado Cash deposit, the Radiant Capital hackers held approximately 14,436 ETH and 35.29 million DAI, creating a portfolio worth $94.63 million.

Over the past year, Radiant Capital has worked with the FBI, Chainalysis, and other web3 security companies such as SEAL911 and ZeroShadow to recover the funds stolen in the hack. However, the chances of recovery remain slim, especially now that the hackers have deposited funds into crypto mixing platforms such as Tornado Cash.

What happened to Radiant Capital?

On October 16, 2024, Radiant Capital suffered an attack on its credit pool, leading to a $53 million loss on the ARB (ARB) and BSC (BNB) networks. The attack was one of the most damaging crypto exploits of the year.

The attacker was able to gain control of 3 of the 11 signer permissions of the system’s multi-signature wallets and replaced the Radiant loan pool deployment contract to steal funds. The hacker reportedly used a specific piece of malware called INLETDRIFT, designed to infiltrate macOS hardware.

After the theft, the stolen funds were converted into 21,957 ETH, which was valued at $53 million at the time. The hacker was later able to nearly double the money, increasing the holdings to $94 million. Instead of selling the funds immediately, the hacker held onto the ETH for almost ten months, which added $49.5 million to the initially stolen funds.

According to a post-mortem report from Mandiant, the hacker is suspected of having ties to North Korea. Mandiant claimed that the attack was carried out by the AppleJeus hacking group, a subsidiary of the DPRK hacker network.

This incident marked the second breach faced by Radiant Capital. Earlier that year, the protocol fell victim to a smaller $4.5 million payday lending exploit.
