TLDR
- The hacker turned $53M stolen from Radiant Capital into $94M by trading Ethereum.
-
The stolen funds were originally converted into 21,957 ETH, valued at $53M in October 2024.
-
Blockchain security experts link the attack to North Korea’s AppleJeus group.
-
The funds continue to move through Ethereum-based trading, with recovery prospects low.
The hacker responsible for the October 2024 exploit of Radiant Capital has managed to nearly double the value of the stolen funds through a well-executed Ethereum (ETH) trading strategy. Originally, the hacker stole $53 million in crypto from the decentralized finance (DeFi) protocol, but over the course of several months, they grew this amount to an impressive $94 million.
According to blockchain analyst EmberCN, the hacker initially converted the stolen funds into 21,957 ETH when Ethereum was trading at around $2,500. At that time, the stolen assets were worth about $53 million. Rather than liquidating the Ethereum holdings, the hacker strategically held onto the assets, benefiting as ETH’s price rose.
Ethereum Trading Strategy Boosts Stolen Funds
The hacker’s decision to hold onto the Ethereum tokens proved to be highly profitable. Over time, Ethereum’s price increased, allowing the attacker to significantly grow the value of the stolen funds.
In recent weeks, the hacker executed several trades, eventually buying back more Ethereum and increasing their exposure in the asset.
啊,好家伙,这 Radiant Capital 黑客竟然玩起波段来了😂:
他不是在一周前以 $4,562 的均价卖出了 9,631 枚 ETH 换成 4393.7 万 DAI 嘛。
这几天 ETH 回调了,他在过去 1 小时里又用 $864 万 DAI 以 $4,096 的价格重新买回了 2109.5 枚 ETH…现在 Radiant Capital 黑客持有 14,436 枚 ETH+3529 万… https://t.co/hO4MbNPrjd pic.twitter.com/ihLYhpmNAV
— 余烬 (@EmberCN) August 20, 2025
By the time of the most recent update, the hacker’s wallet held 14,436 ETH and 35.29 million Dai (DAI), bringing the total portfolio value to $94.63 million. This increase represents a gain of over $41 million from the original stolen amount. The hacker’s ability to time the Ethereum market played a major role in this substantial gain.
Radiant Capital Crypto Hack Linked to North Korea’s AppleJeus Group
The October 2024 attack on Radiant Capital exploited a vulnerability in the platform’s multisignature wallet. By using macOS malware known as INLETDRIFT, the attacker gained access to the wallet and stole tokens from lending pools on both Arbitrum (ARB) and BNB Chain.
The hack has since been linked to the AppleJeus hacking group, which is believed to be associated with North Korea.
Radiant Capital worked with several security firms and law enforcement agencies, including the FBI and Chainalysis, to investigate the hack. However, the chances of recovering the stolen funds remain slim as the assets continue to be moved through Ethereum-based trading activities.
Ongoing Risk to DeFi and Security Concerns
The hack of Radiant Capital is not an isolated incident. In fact, the attack highlights the ongoing security risks present in the DeFi sector. The platform had already suffered a smaller $4.5 million flash loan exploit earlier in the year, and this latest breach underscores the vulnerabilities that decentralized protocols continue to face.
With over $94 million now under the hacker’s control, security experts and analysts are closely monitoring the situation. The funds have been moved through various Ethereum transactions, and the attacker’s next move will be crucial. The DeFi sector, already grappling with a string of security breaches in 2025, must find new ways to safeguard against such sophisticated attacks.
The hacker’s success in almost doubling their stolen funds reflects the growing sophistication of attacks in the cryptocurrency space. It also highlights the need for stronger security measures and more robust regulatory oversight within the industry to prevent similar incidents in the future.
