
The hacker behind last year’s $53 million Radiant Capital exploit has nearly doubled the stolen funds, thanks to a calculated Ethereum trading strategy.
On-chain analyst EmberCN reported on Aug. 19 that the attacker initially sold 9,631 ETH for 43.9 million DAI at an average price of $4,562. When Ethereum later dipped to $4,096, the hacker repurchased 2,109.5 ETH for $8.64 million.
As a result, the wallet now holds 14,436 ETH and 35.29 million DAI, with a total portfolio valued at $94.63 million — more than $41 million above the original stolen amount. Blockchain analytics firm Lookonchain noted that holding large portions of ETH during its rally was the key driver behind the massive portfolio growth.
From DeFi Breach to Windfall
The October 2024 Radiant Capital breach was one of the most damaging DeFi exploits of the year. The attacker infiltrated the protocol by compromising its core team’s multisignature wallet using INLETDRIFT, a piece of macOS-specific malware. Funds were siphoned from lending pools on Arbitrum and BNB Chain and quickly converted into 21,957 ETH, worth roughly $53 million at the time.
Instead of immediately cashing out, the hacker held ETH through its price appreciation and executed well-timed trades to increase exposure, transforming the original heist into a significantly larger stash.
Attribution and Ongoing Concerns
Security experts have suggested links between the Radiant Capital attack and North Korea’s AppleJeus group, a state-sponsored hacking unit notorious for targeting crypto exchanges and DeFi protocols. Despite efforts by Radiant Capital, the FBI, Chainalysis, and Web3 security firms like SEAL911 and ZeroShadow, recovery of the stolen assets remains unlikely as the funds continue to move through on-chain activity on Ethereum.
The October incident was the second breach of Radiant in 2024, following a $4.5 million flash loan exploit earlier that year. Together, these hacks highlighted ongoing vulnerabilities across decentralized finance, which has already recorded major losses in 2025.
With over $94 million now under the attacker’s control, analysts warn that the next moves of this high-profile hacker will be critical for both regulators and the DeFi security community to track.