Security

Radiant Capital Hacker Nearly Doubles Stolen Funds to $94 Million

A DeFi multisig exploit enabled a hacker to nearly double their illicit gains to $94 million through strategic on-chain asset trading, exposing persistent post-breach liquidity risks.
September 18, 20253 min

A high-resolution render displays a sophisticated metallic device featuring a radiant blue, multi-faceted internal mechanism. Transparent, flowing blue liquid elements intricately embrace and connect various parts of the central structure, set against a neutral grey background
A stark white, cube-shaped module stands prominently with one side open, exposing a vibrant, glowing blue internal matrix of digital components. Scattered around the central module are numerous similar, out-of-focus structures, suggesting a larger interconnected system

Briefing

The Radiant Capital protocol, previously impacted by a $53 million exploit in October 2024, is now facing a compounded threat as the attacker has successfully grown their illicit gains to approximately $94.63 million through sophisticated on-chain trading strategies. This significant increase, achieved by converting stolen assets into Ethereum and strategically trading against market volatility, underscores the long-term financial implications of security breaches beyond the initial theft. The protocol’s ongoing efforts to establish a Guardian Fund and plan for Q3/Q4 2025 user compensation highlight the persistent challenge of recovering and mitigating losses from compromised multisig wallets.

A close-up view presents a sophisticated metallic device, predominantly silver and blue, revealing intricate internal gears and components, some featuring striking red details, all situated on a deep blue backdrop. A central, brushed metal plate with a bright blue circular ring is partially lifted, exposing the complex mechanical workings beneath

Context

Prior to this incident, the DeFi landscape has consistently grappled with vulnerabilities stemming from complex smart contract interactions and centralized control points, such as multisignature wallets. The initial October 2024 exploit on Radiant Capital, specifically targeting its multisig wallet, exemplified a known class of attack where administrative key compromise or flawed access controls allow unauthorized fund transfers. This pre-existing attack surface, characterized by the inherent trust placed in key management, created the foundation for the subsequent strategic asset growth by the threat actor.

A dynamic abstract composition showcases a radiant central cluster of sharp blue and dark geometric forms, complemented by smooth white spheres and intricate white filaments. The vibrant blue core symbolizes a powerful consensus mechanism or sharding architecture, where immutable data structures are forged

Analysis

The incident’s technical mechanics involved a multi-stage process initiated by the compromise of Radiant Capital’s multisig wallet. Following the initial $53 million theft in October 2024, the attacker systematically converted the stolen assets, primarily into Ethereum (ETH) and DAI stablecoins. The core of the recent profit surge lies in the attacker’s calculated market maneuvers → selling ETH at higher prices (around $4,562) for DAI and then repurchasing ETH during price dips (around $4,096) using the accumulated DAI. This chain of cause and effect demonstrates a sophisticated understanding of market dynamics, leveraging the liquidity of the Ethereum ecosystem to amplify illicit gains, thereby exploiting the time-value of stolen assets.

The close-up showcases a futuristic array of pristine white, interconnected modular units, featuring a central glowing blue crystalline structure emitting intense light. This intricate design suggests a high-performance processing engine, with radiant blue conduits signifying dynamic data transfer

Parameters

  • Protocol Targeted → Radiant Capital
  • Initial Financial Impact → $53 Million
  • Current Value of Stolen Funds → $94.63 Million
  • Attack Vector (Original) → Multisig Wallet Exploit
  • Attack Vector (Post-Exploit) → Strategic On-chain Asset Trading (ETH/DAI)
  • Blockchain(s) Involved → Arbitrum (original exploit), Ethereum (trading activity)
  • Hacker’s Current Holdings → 14,436 ETH and 35.29 Million DAI

A futuristic, intricate spherical structure composed of white and dark grey modular components is depicted against a dark background. Intense blue light radiates from the core and between layers, highlighting a central white, rectangular module

Outlook

Immediate mitigation for users involves exercising extreme caution with any protocol-related communications and verifying official channels for compensation or security updates. The continued growth of stolen funds post-exploit poses a contagion risk, as it incentivizes similar long-term asset management strategies by other threat actors, potentially increasing market volatility from large-scale liquidation events. This incident will likely reinforce the need for enhanced post-breach monitoring capabilities, more robust multisig implementations, and the establishment of dedicated “Guardian Funds” or insurance mechanisms as new security best practices across DeFi protocols.

The image presents a striking arrangement of clear and blue translucent geometric forms, enveloped by a fine, white powdery substance resembling snow or frost. A blurred, frosted branch in the background complements the cool, serene aesthetic

Verdict

The Radiant Capital incident decisively illustrates that the financial impact of a security breach extends far beyond the initial theft, necessitating continuous threat intelligence and robust post-exploit asset tracking to mitigate compounding losses within the digital asset security landscape.

Signal Acquired from → CoinMarketCap

Micro Crypto News Feeds

market volatility

Definition ∞ Market Volatility signifies the degree of variation in trading prices over time, typically measured by the standard deviation of price changes.

multisig wallet

Definition ∞ A multisig wallet is a type of cryptocurrency wallet that requires multiple digital signatures from different private keys to authorize a transaction.

ethereum ecosystem

Definition ∞ The Ethereum ecosystem comprises the network of decentralized applications, smart contracts, developers, users, and infrastructure built upon the Ethereum blockchain.

capital

Definition ∞ Capital refers to financial resources deployed for investment, operational expenditure, or the facilitation of economic activity within the digital asset sector.

financial impact

Definition ∞ Financial impact describes the consequences of an event, decision, or technology on monetary values, asset prices, or economic activity.

stolen funds

Definition ∞ Stolen funds represent digital assets that have been unlawfully acquired from their rightful owners.

attack vector

Definition ∞ An attack vector is a pathway or method by which malicious actors can gain unauthorized access to a system or digital asset.

asset trading

Definition ∞ Asset trading involves the buying and selling of financial instruments or digital representations of value.

ethereum

Definition ∞ Ethereum is a decentralized, open-source blockchain system that facilitates the creation and execution of smart contracts and decentralized applications (dApps).

eth

Definition ∞ ETH is the native cryptocurrency of the Ethereum blockchain.

security

Definition ∞ Security refers to the measures and protocols designed to protect assets, networks, and data from unauthorized access, theft, or damage.

financial

Definition ∞ Financial refers to matters concerning money, banking, investments, and credit.

Tags:

Tags: