The hackers behind last year’s $53 million shining capital exploits have almost doubled the value of stolen funds through a well-timed Ethereum trading strategy.
summary
- Radiant Capital Hacker has increased funds stolen through ETH and DAI transactions from $53 million to $94 million.
- The October 2024 attack used Macos malware to exploit Radiant’s multi-sig wallet.
- The attribution points to North Korea-related Applejeus with little chance of recovery.
According to on-chain analyst Embercn’s August 19 X Post, hackers previously sold 9,631 Ethereum (ETH) for an average of $4,562 for 43.9 million DAIs (DAIs).
The Wallet currently has 14,436 ETH and 35.29 million DAIs, a portfolio worth $94.63 million. This represents more than $41 million in profits than the initial value of the stolen funds. Blockchain Analytics Firm Lookonchain said the decision to maintain most of ETH’s assets during the rally played a major role in increasing the balance.
Ah, nice guy, this shining capital hacker is actually playing a band 😂:
Did he sell 9,631 ETH for an average price of $4,562 a week ago and not trade it for 43.937 million DAI?
ETH has been called recently. In the past hour, he bought back 2,109.5 ETH at a price of $4,096 for a $8.64 million DAI…Radiant Capital Hackers holds 14,436 ETH+35.29 million… https://t.co/ho4mbnprjd pic.twitter.com/ihlyhpmnav
– Embers (@embercn) August 20, 2025
You might like it too: Btcturk’s $48 million hack compound Crypto dark summer security obstacles
From $53 million robbery to $94 million stash
The multi-chain distributed finance protocol, the radiation capital violation in October 2024, was one of the most harmful attacks of the year. By breaching the core team’s multi-signature wallet through MacOS-specific malware called InletDrift, the attacker siphoned the tokens from the lending pools of the Arbitrum (ARB) and BNB (BNB) chains.
At the time, the stolen assets were quickly converted to 21,957 ETH, valued at around $53 million when Ethereum was trading nearly $2,500. Rather than liquidating the holdings, the hackers held the ETH because prices rose. Over the past few weeks, attackers have made several deals to increase exposure.
Attribution and continued risk of radioactive capital hacks
The attack is linked to the North Korean Applejeus group known by some blockchain security experts for targeting exchanges and Defi protocols. Radiant Capital has worked with Web3 security companies such as the FBI, Chain Melting, SEAL911 and Zeroshadow after the hack, but the prospect of a recovery remains modest as funds continue to move through Ethereum-based trading activities.
The October incident marked the second sparkle violation in 2024, following a lack of $4.5 million flash loan exploits earlier that year. It highlights Defi’s persistent security risks, which are already seeing major losses in 2025.
With more than $94 million currently under control, the attacker’s next move will be watched closely by analysts and security teams.
read more: Credix Hacker agrees to return $4.5 million after successful negotiations
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
