The Radiant Capital hack saw a $53 million theft amplified to roughly $95 million through strategic Ethereum trading across BNB Chain and Arbitrum; the attacker exploited multisig and protocol vulnerabilities, highlighting urgent DeFi security weaknesses and the need for stronger multisig controls.
-
Hacker expanded stolen assets from $53M to $95M via strategic Ethereum trades
-
Exploit affected Radiant Capital on BNB Chain and Arbitrum, draining lending liquidity
-
On-chain analysis shows market-timed trades; multisig vulnerabilities and macOS malware were involved
Radiant Capital hack: $53M theft grew to $95M via Ethereum trades; read the forensic analysis and recommended multisig security steps.
What is the Radiant Capital hack?
The Radiant Capital hack was a coordinated exploit in October 2024 that initially removed approximately $53 million from the protocol and, through strategic Ethereum trades, resulted in a portfolio valued near $95 million. The attacker exploited multisig and lending-protocol vulnerabilities on BNB Chain and Arbitrum.
How did the attacker turn $53M into $95M?
On-chain forensic data shows the attacker executed timed Ethereum trades to capitalize on market conditions, converting illiquid holdings into more liquid ETH positions at higher realized values.
Trades were performed across decentralized exchanges and liquidity pools to maximize returns while avoiding immediate large slippage.
What vulnerabilities were exploited?
The breach combined a compromised multisig signing process and protocol-level weaknesses in Radiant Capital’s lending implementation. Analysts report macOS malware named INLETDRIFT was used to obtain signing material, with possible—but unconfirmed—links to the AppleJeus actor string mentioned by security firms.
Frequently Asked Questions
How much was stolen in the Radiant Capital exploit?
Initial on-chain reports indicate the attacker removed roughly $53 million; subsequent market operations and asset conversions increased the attacker’s holdings to an estimated $95 million.
Was any regulatory action taken after the breach?
As of the latest update, no public regulatory enforcement actions have been announced by bodies such as the SEC or CFTC; investigations remain ongoing across multiple jurisdictions.
How can DeFi projects harden multisig security?
Best practices include threshold signing, hardware security modules (HSMs), isolated signing environments, routine multisig audits, and emergency timelocks to limit single-transaction impact.
Key Takeaways
- Strategic trading amplified theft: The attacker increased value from $53M to ~$95M via timed ETH trades.
- Multisig and protocol weaknesses: Combined operational and code vulnerabilities enabled the breach.
- Defensive steps required: Enhanced multisig controls, hardware signing, and liquidity safeguards are urgent.
When did the incident occur and what followed?
The theft occurred in October 2024 and triggered immediate liquidity shocks on affected chains. Exchanges and on-chain monitors observed elevated volatility as the attacker converted assets into Ethereum to optimize exit value.
Comparative summary
| Metric | Initial Value | Post-trading Value |
|---|---|---|
| Stolen assets | $53,000,000 | — |
| Estimated attacker holdings after trades | — | ≈ $95,000,000 |
| Primary chains affected | BNB Chain, Arbitrum | |
Expert analysis
“The hacker’s strategic trading demonstrated a sophisticated understanding of market timing and exploitation of vulnerabilities, effectively increasing their holdings from $53 million to $95 million.” — Unnamed Analyst, Blockchain Intelligence Firm
Conclusion
This Radiant Capital incident underscores persistent DeFi risks: operational multisig compromises, malware-enabled breaches, and aggressive market operations can materially increase attacker gains. Protocols must prioritize multisig hardening, routine audits, and incident response plans to restore user confidence and reduce systemic risk.
Published: 2024-10-15 — Updated: 2025-08-21 | Author: COINOTAG
