Radiant Capital hacker offloaded 3,091 Ethereum tokens worth $13.26 million in DAI stablecoins. The exploiter sold ETH at $4,291 per token before transferring DAI to another wallet. This latest movement follows the October 17, 2024, hack that drained $53 million from the cross-chain lending protocol. Hacker liquidates stolen ETH holdings for stablecoin conversion The Radiant Capital exploiter converted 3,091 ETH tokens into 13.26 million DAI stablecoins during recent on-chain activity. Onchain Lens tracked the transaction, showing the hacker received $4,291 per Ethereum during the conversion process. Radiant Capital ( @RDNTCapital ) Exploiter sold 3,091 $ETH for 13.26M $DAI at a price of $4,291 and transferred the $DAI to another wallet. The platform was hacked for $53M on October 17, 2024. https://t.co/Hp8rEBFegT https://t.co/5OOIlwix59 pic.twitter.com/OW8EwNDVFO — Onchain Lens (@OnchainLens) August 12, 2025 The exploiter immediately transferred the entire DAI amount to a different wallet address after completing the conversion. This wallet transfer suggests the hacker continues moving stolen funds to avoid detection and tracking efforts. The transaction is a portion of the total $53 million stolen during the October 17 attack, as previously reported by Cryptopolitan . The hacker appears to be liquidating different cryptocurrency holdings from the original theft. October 2024 attack timeline reveals planning phase The Radiant Capital hack took place in carefully orchestrated stages over a month of preparation. Bad smart contracts were deployed on October 2, 2024, on multiple blockchain networks like Arbitrum, Base, BSC, and Ethereum. The deployment was 14 days before the actual exploit on October 16. The final attack targeted Radiant’s 3-of-11 multisig security mechanism in what appeared to be typical emissions adjustments. The attack infrastructure had previously been set up weeks prior by hackers following initial access. The North Korean threat actors coordinated the attack using INLETDRIFT malware customized for macOS platforms. The malware provided attackers with backdoor privileges under which they performed man-in-the-middle attacks on transaction signing processes. Developers could see legitimate transaction data on their screens while malicious commands were running on hardware wallets. The attack witnessed $53 million stolen from the treasury and user balances of the cross-chain lending protocol. Multiple blockchain networks were hit simultaneously during the concurrent attack on Radiant’s security systems. The attack started on 11th September 2024 when one of their Radiant Capital developers received a spoofed Telegram message. The attacker impersonated a reputable former contractor requesting feedback regarding a Penpie Hack Analysis Report. The attacker had emailed a ZIP file with what appeared to be a valid PDF document to open. The file contained INLETDRIFT malware within, yet appeared normal as a PDF with correctly formatted content. The hosting site for the file appeared almost identical to the legitimate contractor’s site to make it appear legitimate. If opened, the file appeared to contain normal analysis data, secretly installing backdoor access. The developer unknowingly executed an .app file that established communication with command and control servers. Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.
