Radiant Capital hacker transfers $10.8 million to Tornado Cash

The Radiant Capital hacker recently deposited 2,834 ETH into Tornado Cash, a mixer protocol, a year after abusing the project’s financing pool, resulting in losses of $53 million.

According to on-chain monitoring platform CertiK, hackers laundered approximately $10.8 million worth of Ethereum through mixer platform Tornado Cash. This move will make it even more difficult for on-chain detectives and authorities to trace stolen funds, along with additional ETH earned through previous transactions and swaps to DAI.

CertiK’s charts show that the funds were originally absorbed from bridge addresses such as Stargate Bridge, Synapse Bridge, and Drift FastBridge, and that the attackers first moved large amounts of ETH to intermediate addresses starting with 0x4afb.

From the main wallet, the attackers began distributing funds through a series of small transfers. One notable pass moves 2,236 ETH from 0x4afb to 0x3fe4, then moves the funds to three more Ethereum wallets.

The Radiant Capital hacker moved some of the stolen funds through a series of wallets before depositing them into Tornado Cash | Source: CertiK

You may also like: Radiant Capital hacker nearly doubles funds stolen through ETH transactions

In August 2025, hackers offloaded 3,091 Ethereum and exchanged it for USD 13.26 million in DAI (DAI) stablecoin. The hackers then moved the DAI tokens to a series of other wallets before converting them back to ETH. The hackers then dumped 2,834 ETH into cryptocurrency mixer Tornado Cash, making it virtually untraceable.

Before Tornado Cash was deposited, the Radiant Capital hacker held approximately 14,436 ETH and 35.29 million DAI, making up a portfolio worth $94.63 million.

Over the past year, Radiant Capital has been working with the FBI, Chaineries, and other Web3 security companies, including SEAL911 and ZeroShadow, to recover funds stolen after the hack. However, the chances of recovery remain low, especially now that hackers are depositing their funds on cryptocurrency mixer platforms like Tornado Cash.

What happened to Radiant Capital?

On October 16, 2024, Radiant Capital suffered a $53 million loss from its ARB (ARB) and BSC (BNB) networks following an attack on its loan pool. This attack was one of the most damaging cryptocurrency exploits of the year.

The attacker was able to control 3 of the 11 signer privileges in the system’s multi-signature wallet and replace the Radiant loan pool implementation contract to steal funds. The hackers reportedly used a specific piece of malware designed to infiltrate macOS hardware called INLETDRIFT.

After the theft, the stolen funds were converted into 21,957 ETH, worth $53 million at the time. The hackers were then able to nearly double their funds, increasing their holdings to $94 million. Instead of selling the funds immediately, the hackers continued to hold on to the ETH for approximately 10 months, which allowed the abusers to add $49.5 million to the funds they initially stole.

According to Mandiant’s after-action report, the hacker is suspected of having ties to North Korea. Mandiant claimed that the attack was carried out by the AppleJeus hacker group, an affiliate of the North Korean hacker network.

This incident marked the second breach that Radiant Capital had to encounter. The protocol was the victim of a small-scale $4.5 million flash loan exploit earlier that year.

read more: Shiny Capital Hackers Looted $53 Million for 94% Profit. Here’s how they do it: