The hacker behind last year’s $53 million Radiant Capital exploit has nearly doubled the value of the stolen funds through a well-timed Ethereum trading strategy.
Summary
- The Radiant Capital hacker increased stolen funds from $53M to $94M through ETH and DAI trading.
- The October 2024 attack exploited Radiant’s multisig wallet using macOS malware.
- Attribution points to North Korea-linked AppleJeus, with little chance of recovery.
According to on-chain analyst EmberCN’s Aug. 19 X post, the hacker had earlier sold 9,631 Ethereum (ETH) at an average of $4,562 for 43.9 million Dai (DAI), only to buy back 2,109.5 ETH for $8.64 million DAI once prices pulled back to $4,096.
The wallet now holds 14,436 ETH and 35.29 million DAI, a portfolio worth $94.63 million. This represents a gain of more than $41 million over the initial value of the stolen funds. Blockchain analytics firm Lookonchain noted that the decision to keep most of the assets in ETH during its rally played a major role in the increased balance.
From $53 million heist to $94 million stash
The October 2024 breach of Radiant Capital, a multi-chain decentralized finance protocol, was one of the most damaging attacks of the year. By compromising the multisignature wallet of its core team through a macOS-specific malware called INLETDRIFT, the attacker siphoned tokens from lending pools on Arbitrum (ARB) and BNB (BNB) Chain.
At the time, the stolen assets were quickly converted into 21,957 ETH, then valued at about $53 million when Ethereum was trading near $2,500. Rather than liquidating the holdings, the hacker held ETH as its price climbed. In recent weeks, the attacker executed several trades to increase exposure.
Radiant Capital hack attribution and ongoing risks
The attack has been linked by some blockchain security experts to North Korea’s AppleJeus group, known for targeting exchanges and DeFi protocols. Radiant Capital worked with the FBI, Chainalysis, and Web3 security firms like SEAL911 and ZeroShadow after the hack, but recovery prospects remain slim as the funds continue to move through Ethereum-based trading activity.
The October incident marked the second breach of Radiant in 2024, following a smaller $4.5 million flash loan exploit earlier that year. It underscored persistent security risks in DeFi, which has already seen significant losses in 2025.
With over $94 million now under control, the attacker’s next move will be closely watched by analysts and security teams.
