Major Transaction by Hacker Linked to Radiant Capital Exploit
A hacker associated with the October 17, 2024, breach of the cross-chain lending platform Radiant Capital has conducted a significant on-chain transaction, swapping 3,091 Ethereum tokens for 13.26 million DAI stablecoins. The tokens were liquidated at a price of $4,291 each, for a total liquidation value of $13.26 million. After this conversion, the hacker transferred the DAI to a different wallet address, a maneuver seemingly intended to conceal the source of the stolen funds and evade detection.
First Liquidation Post $53 Million Breach
This transaction represents the first identifiable liquidation of assets stolen during the $53 million attack that compromised Radiant Capital’s 3-of-11 multisig security model. The attack was staged well in advance: malicious smart contracts were deployed across several blockchain networks (Arbitrum, Base, BSC, and Ethereum) on October 2, 2024, more than two weeks before the exploit. The breach utilized INLETDRIFT malware, specifically designed for macOS, which granted the attackers backdoor access to hardware wallets through a sophisticated man-in-the-middle technique.
Initial Access Through Deceptive Communication
The hacker gained initial access through a forged Telegram message sent to a developer at Radiant Capital on September 11, 2024. This message, masquerading as a communication from a trusted former contractor, contained a malicious ZIP file disguised as a legitimate PDF. When the file was opened, it silently installed a backdoor, enabling the attacker to run commands and retrieve sensitive transaction information.
Strategic Shift to Stablecoins
The recent conversion of stolen Ethereum into DAI signifies a calculated shift by the hacker to transform less liquid cryptocurrency assets into a stable and widely accepted digital currency. DAI, being pegged to the US dollar, is frequently used in illicit dealings to obscure the origins of funds and facilitate subsequent transactions. The transfer to a new wallet further indicates that the hacker is actively managing the stolen assets to minimize risks of detection and enforcement actions.
Concerns Over DeFi Security Risks
This incident has intensified widespread concerns regarding security within the decentralized finance (DeFi) sector, particularly in light of vulnerabilities associated with smart contracts. Experts have underscored the necessity for more rigorous audit processes, real-time surveillance systems, and improved security training for developers to mitigate the risk of future attacks. The delayed liquidation of the stolen assets also highlights the long-term strategic planning characteristic of cybercriminals operating in the DeFi landscape.
The Importance of Security in an Evolving DeFi Sector
As the DeFi industry continues to progress, this scenario serves as a critical reminder of the vital need for robust security protocols. With numerous platforms offering enticing high-yield investment opportunities and open access, striking a balance between innovation and security remains a pivotal challenge for the industry. Investors and developers are now closely observing ongoing developments in the Radiant Capital incident, acutely aware of its potential ramifications for the broader cryptocurrency market.