Radiant Capital Hacker Turns $10M into $19.35M Overnight – 93.5% ETH Surge Sparks Frenzy

DeFi's latest heist just got a bullish twist—the Radiant Capital attacker didn't just steal funds, they played the market like a Wall Street quant.

From Hack to Windfall

While victims scrambled, the hacker's ETH stash ballooned by 93.5%—turning their loot into nearly double its original value. Who needs insider trading when you've got crypto volatility?

Yield Farming Gone Rogue

The exploit exposed DeFi's double-edged sword: protocols promise APYs, but hackers are the ones hitting jackpots. Auditors take note—this thief outperformed most hedge funds last quarter.

As the blockchain sleuths chase digital breadcrumbs, one thing's clear: in crypto, even crime gets compounded.

Hacker’s Ethereum Windfall

According to the latest update by LookOnChain, the stolen 21,957 ETH has now been partially sold for profit. In fact, 9,631 ETH fetched approximately $43.94 million at an average price of $4,562.

The remaining 12,326 ETH is worth approximately $58.6 million, which brings the total holdings to $102.54 million – a profit of $49.5 million, or 48.5%.

Ethereum’s price surge has played a major role in boosting the value of the stolen funds from the Radiant Capital hack. At the time of the theft, ETH was trading near $2,500. Since then, the leading altcoin has seen a significant rally along with the rest of the crypto market, surging past $4,700 to mark a multi-year high.

Radiant Capital Heist

In its post-mortem report, the platform had said that it is working closely with US law enforcement, including the FBI. Later released findings from Radiant, supported by Web3 security firms including Mandiant, zeroShadow, Hypernative, and SEAL 911, pointed to a meticulously planned social engineering campaign that began more than a month before the breach.

The attackers Leveraged Telegram to impersonate a trusted former contractor, thereby sending a booby-trapped file disguised as a smart contract auditing report. The file, in reality, delivered INLETDRIFT, a macOS backdoor malware capable of manipulating front-end transaction data.

This tactic exploited human trust as much as technical vulnerabilities, as developers unknowingly approved malicious transactions that appeared legitimate in simulations and verification tools.

Meanwhile, zeroShadow corroborated Radiant’s assessment and attributed the incident to North Korea-linked actors with “high confidence” based on both on-chain and off-chain indicators. The Web3 security firm had then noted,

“We have tracked the movements to Hyperliquid as stemming from Radiant users failing to revoke permissions, and not the initial incident’s stolen funds.”

The October breach was the second hack against Radiant in 2024. Earlier in January of that year, a smart contract flaw cost the DeFi platform $4.5 million.