The Radiant Capital exploit has taken a new turn as the attacker nearly doubled stolen funds to $102.5 million, after strategically holding Ethereum (ETH) for months before a partial cash-out, blockchain data shows.
Long-term play yields massive profit
The Radiant Capital exploit, which occurred in October 2024, saw attackers convert all stolen assets into 21,957 ETH. Instead of rushing to offload the funds, the exploiter held the position for nearly ten months, capitalizing on Ethereum’s rally to near-record highs.
On August 12, the attacker exchanged 9,631 ETH for $43.9 million in DAI stablecoins at an average price of $4,562. The stablecoins were then transferred to a separate wallet, leaving approximately 12,326 ETH, now valued at around $58.6 million, still in the exploiter’s possession.
“This is a textbook example of an attacker leveraging patience to maximize returns,” said Michael Cheng, senior analyst at Blocktrace Security. “It shows that hackers are not always looking for quick flips; some are playing the long game.”
At current prices near $4,750, the attacker’s remaining ETH stash has already appreciated 3% in just a day. In total, the strategic holding has generated a 93.5% profit.
Anatomy of the October breach
The Radiant Capital exploit was one of the most damaging incidents in DeFi during 2024. According to post-mortem investigations, attackers impersonated a former Radiant Capital contractor on Telegram and sent a malicious zip file disguised as a PDF. The file contained macOS malware capable of altering transaction displays, which tricked developers into signing harmful smart contract calls.
“This wasn’t just a vulnerability exploit — it was a highly targeted social engineering attack,” said Clara Mendoza, cybersecurity researcher at ChainGuard.
Experts linked the operation to AppleJeus, a North Korea-affiliated hacking group notorious for infiltrating crypto firms, alongside the Lazarus Group. By exploiting routine transaction resubmissions, the attackers gathered enough compromised signatures to seize control of Radiant’s lending pools on both Arbitrum and Binance Smart Chain, draining millions in user deposits.
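The failure mode described above, where a signer's screen shows one action while the signed bytes encode another, can be caught by decoding the raw calldata away from the workstation and comparing it with what was displayed. The Python below is an added example, not code from Radiant Capital or from the post-mortem. The addresses, payloads and function names are constructed, and it assumes the raw bytes are read from a device the malware does not control.

```python
# Added example. Selectors are the standard 4-byte ABI selectors for these
# signatures; the addresses and payloads below are constructed samples.
KNOWN_SELECTORS = {
    "a9059cbb": "transfer(address,uint256)",
    "095ea7b3": "approve(address,uint256)",
    "f2fde38b": "transferOwnership(address)",
}
HIGH_RISK = {"transferOwnership(address)"}  # changes who controls a contract

def decode_call(calldata_hex):
    """Split raw calldata into (known signature or None, 32-byte arg words)."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) < 8 or (len(data) - 8) % 64:
        raise ValueError("calldata is not a selector plus 32-byte words")
    bytes.fromhex(data)  # raises ValueError on non-hex characters
    words = [data[i:i + 64] for i in range(8, len(data), 64)]
    return KNOWN_SELECTORS.get(data[:8]), words

def verify_before_signing(shown_sig, shown_to, raw_to, raw_calldata):
    """Compare what the signer was shown with the bytes to be signed.
    raw_to and raw_calldata are assumed to come from a device the
    workstation cannot tamper with. Returns a list of findings; an empty
    list means the payload matches the displayed action.
    """
    findings = []
    if raw_to.lower() != shown_to.lower():
        findings.append("target address differs from the displayed target")
    try:
        sig, _ = decode_call(raw_calldata)
    except ValueError as exc:
        return findings + [f"undecodable calldata: {exc}"]
    if sig is None:
        findings.append("unknown function selector, refuse to sign")
    elif sig != shown_sig:
        findings.append(f"displayed {shown_sig} but payload encodes {sig}")
    if sig in HIGH_RISK:
        findings.append(f"high-risk call {sig}: needs out-of-band approval")
    return findings

TOKEN = "0x" + "11" * 20                      # constructed contract address
PAD = "00" * 12                               # left padding for an address
BENIGN = "0xa9059cbb" + PAD + "33" * 20 + format(1000, "064x")
SWAPPED = "0xf2fde38b" + PAD + "22" * 20      # constructed mismatching payload

if __name__ == "__main__":
    print(verify_before_signing("transfer(address,uint256)", TOKEN, TOKEN, BENIGN))
    print(verify_before_signing("transfer(address,uint256)", TOKEN, TOKEN, SWAPPED))
```

The check fails closed: a payload that cannot be decoded or carries an unlisted selector is reported rather than passed through.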
No recovery in sight
Despite collaborative efforts with law enforcement and blockchain analytics firms, all attempts to recover funds from the Radiant Capital exploit have failed. The latest movement of funds suggests the attacker intends to gradually liquidate holdings over time, reducing the chances of interception.
Radiant Capital has not issued a new public statement since late 2024, when it confirmed the exploit and pledged to improve internal security protocols. Industry observers warn that the lack of immediate accountability could further erode user trust in decentralized finance platforms.
The Radiant Capital exploit serves as a sobering reminder of the vulnerabilities facing the sector. In 2025 alone, over $3.1 billion has been lost to hacks and scams, with many incidents involving advanced social engineering tactics rather than just code flaws.
The broader security challenge for DeFi
Security professionals say the Radiant Capital exploit reflects a troubling shift in attacker methodology. Rather than simply probing smart contracts for weaknesses, sophisticated adversaries are blending technical exploits with personal deception, making traditional defenses less effective.
“The best code audits in the world can’t save you if your team is socially engineered into approving malicious actions,” Cheng added. “The Radiant Capital exploit illustrates this perfectly.”
As the DeFi market continues to expand, the scale and sophistication of cyberattacks are likely to grow in parallel. For investors, the Radiant Capital exploit underscores the importance of not just evaluating a project’s returns, but also its security posture, team practices, and transparency after incidents.
With the attacker now sitting on over $100 million in combined profits and remaining assets, the Radiant Capital exploit has cemented itself as both a cautionary tale and a vivid case study in the evolving economics of cybercrime.
It underscores how modern exploits are no longer just about technical skill: they are intertwined with financial strategy, cross-platform asset laundering, and the growing sophistication of threat actors who treat attacks like high-yield investments.
In an era where DeFi protocols hold billions in accessible liquidity, the incident highlights not only the vulnerabilities in smart contract design but also the lucrative incentives driving cybercriminal innovation.