$53M Radiant Capital hacker $40M+ in profits trading ETH with stolen funds

Radiant Capital hacker has turned their $53 million heist to around $94.6 million after timing ETH trades strategically.

The attacker sold 9,631 ETH at an average rate of $4,562 and got $43.9 million DAI. Then they reentered the market with $8.64 million DAI, buying 2,109.5 ETH as prices declined. They currently hold 14,436 ETH and 35.29 million DAI, valued at $94.63 million.

Radiant Capital Hacker executes profitable ETH swing trading

EmberCN, an analyst, tracked the Radiant Capital hacker who utilized stolen money as a trading tactic to earn profits. The hacker sold 9,631 ETH worth on average $4,562 with a profit of 43.937 million DAI alone last week. That was when Ethereum made local highs before the market correction.

The hacker had been waiting for ETH price pullback in the past few days before implementing the buyback strategy. With $8.64 million DAI in the last hour, they bought 2,109.5 ETH for $4,096 per token. It is a $466 price difference per ETH between buy and sell orders achieving massive arbitrage profits.

Current portfolio investments include 14,436 ETH tokens and 35.29 million DAI, with a total value of $94.63 million. The original October 2024 heist was worth around $53 million.

The trading plan is like that of experienced market makers, who short at resistance areas and long on support bounces. Volatility in the price of ETH during the range of $4,562 to $4,100 provided perfect conditions for swing trading gains.

October 2024 attack netted $53 million

The Radiant Capital attack occurred on 16 October 2024 and resulted in an estimated $53 to $58 million loss from user funds.

Hackers accessed Radiant’s multisignature wallet system, which was built around a 3-of-11 model requiring three of eleven signers to sign transactions. The hackers were able to steal three private keys, precisely hitting the threshold to access. They were able to update smart contracts and siphon funds from the protocol treasury.

Attack planning commenced weeks prior to deployment with buggy contracts rolled out on October 2, 2024. This 14-day attack planning gave attackers time to test systems and strategize extraction techniques. The timing indicates deliberate planning as opposed to opportunistic exploitation.

Cybersecurity firm Mandiant worked with Radiant Capital to investigate the attack and identify threat actors. The investigation revealed state-level sophistication in both attack methods and execution timing.

Join Bybit now and claim a $50 bonus in minutes