Security

Radiant Capital Hacker Nearly Doubles Stolen Funds to $94 Million

A DeFi multisig exploit enabled a hacker to nearly double their illicit gains to $94 million through strategic on-chain asset trading, exposing persistent post-breach liquidity risks.
September 18, 20253 min

A futuristic white and dark gray modular unit is partially submerged in a vibrant blue liquid, with a powerful stream of foamy water actively ejecting from its hexagonal opening. The surrounding liquid exhibits a dynamic, wavy surface, suggesting constant motion and energy within the system
A futuristic, blue metallic, multi-component structure, featuring intricate geometric designs and polished accents, is partially enveloped by a dynamic, translucent foamy substance. The light-colored foam flows around and through the mechanical elements, highlighting their complex interplay

Briefing

The Radiant Capital protocol, previously impacted by a $53 million exploit in October 2024, is now facing a compounded threat as the attacker has successfully grown their illicit gains to approximately $94.63 million through sophisticated on-chain trading strategies. This significant increase, achieved by converting stolen assets into Ethereum and strategically trading against market volatility, underscores the long-term financial implications of security breaches beyond the initial theft. The protocol’s ongoing efforts to establish a Guardian Fund and plan for Q3/Q4 2025 user compensation highlight the persistent challenge of recovering and mitigating losses from compromised multisig wallets.

A central sphere comprises numerous translucent blue and dark blue cubic elements, interconnected with several matte white spheres of varying sizes via thin wires, all partially encircled by a large white ring. The background features a blurred dark blue with soft bokeh lights, creating an abstract, deep visual field

Context

Prior to this incident, the DeFi landscape has consistently grappled with vulnerabilities stemming from complex smart contract interactions and centralized control points, such as multisignature wallets. The initial October 2024 exploit on Radiant Capital, specifically targeting its multisig wallet, exemplified a known class of attack where administrative key compromise or flawed access controls allow unauthorized fund transfers. This pre-existing attack surface, characterized by the inherent trust placed in key management, created the foundation for the subsequent strategic asset growth by the threat actor.

This image showcases a series of interconnected, white modular hardware components linked by transparent, glowing blue crystalline structures, all visibly covered in frost. The detailed composition highlights a high-tech, precise system designed for advanced computational tasks

Analysis

The incident’s technical mechanics involved a multi-stage process initiated by the compromise of Radiant Capital’s multisig wallet. Following the initial $53 million theft in October 2024, the attacker systematically converted the stolen assets, primarily into Ethereum (ETH) and DAI stablecoins. The core of the recent profit surge lies in the attacker’s calculated market maneuvers → selling ETH at higher prices (around $4,562) for DAI and then repurchasing ETH during price dips (around $4,096) using the accumulated DAI. This chain of cause and effect demonstrates a sophisticated understanding of market dynamics, leveraging the liquidity of the Ethereum ecosystem to amplify illicit gains, thereby exploiting the time-value of stolen assets.

A luminous blue faceted crystal stands prominently amidst soft white cloud-like textures. A translucent blue shard is partially visible on the left, also embedded in the ethereal substance

Parameters

  • Protocol Targeted → Radiant Capital
  • Initial Financial Impact → $53 Million
  • Current Value of Stolen Funds → $94.63 Million
  • Attack Vector (Original) → Multisig Wallet Exploit
  • Attack Vector (Post-Exploit) → Strategic On-chain Asset Trading (ETH/DAI)
  • Blockchain(s) Involved → Arbitrum (original exploit), Ethereum (trading activity)
  • Hacker’s Current Holdings → 14,436 ETH and 35.29 Million DAI

A blue, multifaceted crystalline object is intricately intertwined with a white, frothy, web-like network of bubbles, forming a visually compelling abstract representation. This intricate arrangement symbolizes complex blockchain protocol interoperability and robust decentralized network architecture

Outlook

Immediate mitigation for users involves exercising extreme caution with any protocol-related communications and verifying official channels for compensation or security updates. The continued growth of stolen funds post-exploit poses a contagion risk, as it incentivizes similar long-term asset management strategies by other threat actors, potentially increasing market volatility from large-scale liquidation events. This incident will likely reinforce the need for enhanced post-breach monitoring capabilities, more robust multisig implementations, and the establishment of dedicated “Guardian Funds” or insurance mechanisms as new security best practices across DeFi protocols.

A futuristic, highly reflective blue structure, resembling a sophisticated protocol design, securely holds a smooth, white spherical object. This entire arrangement rests on a textured, light-toned surface, suggestive of a complex digital landscape

Verdict

The Radiant Capital incident decisively illustrates that the financial impact of a security breach extends far beyond the initial theft, necessitating continuous threat intelligence and robust post-exploit asset tracking to mitigate compounding losses within the digital asset security landscape.

Signal Acquired from → CoinMarketCap

Micro Crypto News Feeds

market volatility

Definition ∞ Market Volatility signifies the degree of variation in trading prices over time, typically measured by the standard deviation of price changes.

multisig wallet

Definition ∞ A multisig wallet is a type of cryptocurrency wallet that requires multiple digital signatures from different private keys to authorize a transaction.

ethereum ecosystem

Definition ∞ The Ethereum ecosystem comprises the network of decentralized applications, smart contracts, developers, users, and infrastructure built upon the Ethereum blockchain.

capital

Definition ∞ Capital refers to financial resources deployed for investment, operational expenditure, or the facilitation of economic activity within the digital asset sector.

financial impact

Definition ∞ Financial impact describes the consequences of an event, decision, or technology on monetary values, asset prices, or economic activity.

stolen funds

Definition ∞ Stolen funds represent digital assets that have been unlawfully acquired from their rightful owners.

attack vector

Definition ∞ An attack vector is a pathway or method by which malicious actors can gain unauthorized access to a system or digital asset.

asset trading

Definition ∞ Asset trading involves the buying and selling of financial instruments or digital representations of value.

ethereum

Definition ∞ Ethereum is a decentralized, open-source blockchain system that facilitates the creation and execution of smart contracts and decentralized applications (dApps).

eth

Definition ∞ ETH is the native cryptocurrency of the Ethereum blockchain.

security

Definition ∞ Security refers to the measures and protocols designed to protect assets, networks, and data from unauthorized access, theft, or damage.

financial

Definition ∞ Financial refers to matters concerning money, banking, investments, and credit.

Tags:

Tags: