Skip to main content
Security

Radiant Capital Hacker Nearly Doubles Stolen Funds to $94 Million

A DeFi multisig exploit enabled a hacker to nearly double their illicit gains to $94 million through strategic on-chain asset trading, exposing persistent post-breach liquidity risks.
September 18, 20253 min

A polished metallic object, featuring multiple parallel blades and geometric facets, protrudes from a layer of fine white foam. Bright blue, irregularly shaped crystalline structures are scattered beneath and around the foamy surface
A gleaming metallic blue turbine-like structure with a central, highly reflective shaft dominates the frame. This intricate, polished component visually represents the sophisticated core engine of a blockchain network

Briefing

The Radiant Capital protocol, previously impacted by a $53 million exploit in October 2024, is now facing a compounded threat as the attacker has successfully grown their illicit gains to approximately $94.63 million through sophisticated on-chain trading strategies. This significant increase, achieved by converting stolen assets into Ethereum and strategically trading against market volatility, underscores the long-term financial implications of security breaches beyond the initial theft. The protocol’s ongoing efforts to establish a Guardian Fund and plan for Q3/Q4 2025 user compensation highlight the persistent challenge of recovering and mitigating losses from compromised multisig wallets.

A transparent, interconnected network structure, resembling a molecular lattice, features vibrant blue liquid contained within spherical nodes and flowing through connecting channels, with metallic components integrating into the system. The clear material allows visibility of the blue liquid's movement, suggesting dynamic processes within the complex arrangement

Context

Prior to this incident, the DeFi landscape has consistently grappled with vulnerabilities stemming from complex smart contract interactions and centralized control points, such as multisignature wallets. The initial October 2024 exploit on Radiant Capital, specifically targeting its multisig wallet, exemplified a known class of attack where administrative key compromise or flawed access controls allow unauthorized fund transfers. This pre-existing attack surface, characterized by the inherent trust placed in key management, created the foundation for the subsequent strategic asset growth by the threat actor.

A white, fuzzy spherical object is positioned centrally, interacting with a complex blue lattice structure. Transparent, blade-like elements with blue accents and white specks extend outwards from the central interaction point, suggesting dynamic movement

Analysis

The incident’s technical mechanics involved a multi-stage process initiated by the compromise of Radiant Capital’s multisig wallet. Following the initial $53 million theft in October 2024, the attacker systematically converted the stolen assets, primarily into Ethereum (ETH) and DAI stablecoins. The core of the recent profit surge lies in the attacker’s calculated market maneuvers ∞ selling ETH at higher prices (around $4,562) for DAI and then repurchasing ETH during price dips (around $4,096) using the accumulated DAI. This chain of cause and effect demonstrates a sophisticated understanding of market dynamics, leveraging the liquidity of the Ethereum ecosystem to amplify illicit gains, thereby exploiting the time-value of stolen assets.

A high-tech rendering displays two futuristic white modules joined by a complex, glowing blue internal mechanism. The central structure features transparent and metallic components, emitting a radiant blue light against a clean, muted background

Parameters

  • Protocol Targeted ∞ Radiant Capital
  • Initial Financial Impact ∞ $53 Million
  • Current Value of Stolen Funds ∞ $94.63 Million
  • Attack Vector (Original) ∞ Multisig Wallet Exploit
  • Attack Vector (Post-Exploit) ∞ Strategic On-chain Asset Trading (ETH/DAI)
  • Blockchain(s) Involved ∞ Arbitrum (original exploit), Ethereum (trading activity)
  • Hacker’s Current Holdings ∞ 14,436 ETH and 35.29 Million DAI

Abstract, flowing forms in translucent white and vibrant deep blue dominate the frame, set against a dark, gradient background. The composition features smooth, overlapping layers that create a sense of depth and continuous movement, with light reflecting off the polished surfaces

Outlook

Immediate mitigation for users involves exercising extreme caution with any protocol-related communications and verifying official channels for compensation or security updates. The continued growth of stolen funds post-exploit poses a contagion risk, as it incentivizes similar long-term asset management strategies by other threat actors, potentially increasing market volatility from large-scale liquidation events. This incident will likely reinforce the need for enhanced post-breach monitoring capabilities, more robust multisig implementations, and the establishment of dedicated “Guardian Funds” or insurance mechanisms as new security best practices across DeFi protocols.

A detailed perspective showcases sophisticated metallic gears and bearings, intricately positioned within a clear, fluid-filled enclosure. The vibrant blue liquid, teeming with numerous small bubbles, circulates around these precisely engineered components, highlighting their operational interaction

Verdict

The Radiant Capital incident decisively illustrates that the financial impact of a security breach extends far beyond the initial theft, necessitating continuous threat intelligence and robust post-exploit asset tracking to mitigate compounding losses within the digital asset security landscape.

Signal Acquired from ∞ CoinMarketCap

Glossary

market volatility

The Federal Reserve's recent interest rate cut led to immediate Bitcoin price volatility, highlighting cautious market sentiment despite dovish policy shifts.

radiant capital

This architectural enhancement introduces Bitcoin as a direct staking asset within Starknet's consensus, strategically broadening participation and optimizing capital utility for the network's security model.

ethereum ecosystem

Definition ∞ The Ethereum ecosystem comprises the network of decentralized applications, smart contracts, developers, users, and infrastructure built upon the Ethereum blockchain.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

financial impact

Enterprises are leveraging stablecoins for high-volume settlements and tokenizing real-world assets to enhance liquidity and operational efficiency across traditional finance.

94.63 million

An exploited third-party API allowed attackers to manipulate staking requests, resulting in a significant capital drain from the SOL Earn program.

attack vector

Attackers deployed a deceptive Etherscan-verified contract, leveraging the Safe Multi Send mechanism to bypass user scrutiny and drain over $3 million.

asset trading

Definition ∞ Asset trading involves the buying and selling of financial instruments or digital representations of value.

ethereum

Definition ∞ Ethereum is a decentralized, open-source blockchain system that facilitates the creation and execution of smart contracts and decentralized applications (dApps).

eth

Definition ∞ ETH is the native cryptocurrency of the Ethereum blockchain.

security

Definition ∞ Security refers to the measures and protocols designed to protect assets, networks, and data from unauthorized access, theft, or damage.

initial theft

Bitcoin's realized cap reveals a monumental shift, with recent capital inflows dwarfing its entire first decade and a half.

Tags:

Tags: