12.08.2025 16:26

A hacker responsible for the October 17, 2024, theft of $53 million from the Radiant Capital cross-chain lending protocol has recently liquidated a portion of their ill-gotten gains. The perpetrator converted 3,091 Ethereum (ETH) tokens into 13.26 million DAI stablecoins, netting approximately $4,291 per ETH during the transaction, as tracked by Onchain Lens. This significant transaction demonstrates a continued effort to obfuscate the stolen funds.

Following the conversion, the hacker swiftly transferred the entire 13.26 million DAI stash to a new wallet address. This rapid movement strongly suggests an attempt to hinder investigations and evade detection by law enforcement and blockchain analytics firms. The transaction represents only a fraction of the overall sum stolen during the October attack, indicating further liquidation events are likely.

Analysis reveals a meticulously planned attack preceding the October 17th exploit. Over a month prior, specifically on October 2nd, 2024, compromised smart contracts were deployed across various blockchain networks, including Arbitrum, Base, Binance Smart Chain (BSC), and Ethereum itself. This strategic pre-positioning allowed the hackers to execute their attack on October 16th, targeting Radiant's 3-of-11 multisig security mechanism under the guise of routine emissions adjustments.

The sophisticated nature of the attack involved the use of INLETDRIFT malware, a macOS-specific tool, which provided the hackers with persistent backdoor access. Weeks of preliminary work and setup preceded the final exploit, suggesting a highly organized and well-resourced operation potentially linked to North Korean threat actors, according to internet sources. The incident highlights the ongoing vulnerabilities within decentralized finance (DeFi) protocols and the increasing sophistication of cybercriminal activities targeting this space.