Radiant Capital Hacker Sells 3,091 ETH for $13.26M in DAI

Radiant Capital faces another blow in the ongoing aftermath of the October 2024 cyberattack. The hacker, who drained $53 million from the protocol at the time, has now sold 3,091 ETH worth $13.26 million, immediately transferring the proceeds to another wallet.

Selling ETH for DAI Stablecoins According to Onchain Lens data, the hacker converted his Ethereum holdings into DAI stablecoins at a rate of $4,291 per ETH, totaling $13.26 million.

Right after the conversion, the entire amount was moved to a new wallet address — a move that suggests the attacker is still trying to cover his tracks and evade on-chain monitoring. This sale represents only a fraction of the $53 million stolen during the October 17, 2024 exploit on the cross-chain lending protocol Radiant Capital. It appears the hacker is gradually liquidating different cryptocurrency positions from the original theft.

An Attack Weeks in the Making Investigations revealed the attack was meticulously planned and executed in multiple stages:

🔹 October 2, 2024 – Malicious smart contracts were deployed on blockchain networks including Arbitrum, Base, BSC, and Ethereum.

🔹 October 16–17, 2024 – The exploit targeted Radiant’s 3-of-11 multisig security mechanism, disguised as a routine emissions adjustment.

🔹 Hackers had prepared infrastructure weeks in advance, coordinating a simultaneous strike across multiple networks.

North Korean Links and macOS Malware Security experts have tied the breach to North Korean state-sponsored actors who used a specialized macOS malware called INLETDRIFT.

This malware granted attackers backdoor access and enabled man-in-the-middle attacks on transaction signing processes. Developers saw legitimate transaction details on their screens while malicious commands were executed on their hardware wallets.

How the Hacker Got Inside The attack chain began on September 11, 2024, when a Radiant Capital developer received a spoofed Telegram message. The attacker posed as a trusted former contractor, asking for feedback on a “Penpie Hack Analysis Report.” The message was followed by an email containing a ZIP file supposedly holding a PDF analysis. In reality, it contained a malicious .app file with the INLETDRIFT malware. The hosting site for the file was crafted to look identical to the legitimate contractor’s domain.

When opened, the file appeared to display genuine analysis content while secretly installing backdoor access. This allowed the attacker to connect to command-and-control servers and execute a coordinated exploit across several blockchain networks at once.

#cryptohacks , #RadiantCapital , #CyberSecurity , #Ethereum , #CryptoNews

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies! Notice: ,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“