The individual responsible for the recent Radiant Capital breach has allegedly transferred nearly all of the stolen cryptocurrency, estimated to be around $52 million, from Layer-2 networks to Ethereum.
Blockchain security firm PeckShield disclosed this information on October 24, further diminishing hopes for the recovery of the funds.
Attacker Close to Completing Fund Transfer
As per PeckShield, the attacker’s on-chain activities indicated that approximately 20,500 ETH tokens were bridged from Arbitrum and Binance’s BNB Chain to Ethereum. These funds were linked to the attack on October 16 that compromised the smart contracts of Radiant Capital.
Ancilia Inc., another blockchain security firm, was the first to identify the dubious activities, which initially resulted in a loss of at least $18 million worth of crypto assets from Radiant’s liquidity pool on the Binance network. The hacker subsequently broadened the attack to the DeFi protocol’s pool on Arbitrum, exacerbating the losses.
A detailed analysis of the attack revealed that the perpetrator gained access by compromising a multi-signature wallet that secured Radiant’s assets. They were able to obtain the private keys of three out of eleven signers, which allowed them to upgrade the platform’s contracts and transfer ownership.
This process enabled the bad actor to deplete various trading pools, including those holding popular cryptocurrencies like USDC, USDT, wBTC, wETH, and BNB.
Recovery Efforts at Risk?
The incident on October 16 marks the second time this year that hackers have targeted Radiant. In January, the DeFi platform suffered a loss of $4.5 million due to a weakness in its smart contract.
Since then, the company has reached out to U.S. law enforcement, including the FBI, and has partnered with cybersecurity firms like SEAL911 and ZeroShadow in an effort to reclaim the stolen funds.
However, the thief’s transfer to Ethereum suggests attempts to obscure their trail, complicating recovery measures. Furthermore, Radiant has acknowledged that, given the advanced nature of the execution, even the enhanced security protocols it has implemented may not have been sufficient to avert the exploit.
Transferring funds to Ethereum is frequently a final step before criminals launder stolen assets through crypto mixers like Tornado Cash. CryptoPotato has previously reported on similar cases, such as the notorious $235 million WazirX hacker who systematically moved their ill-gotten gains in batches since the theft occurred in mid-July.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and claim a $600 exclusive welcome bonus on Binance (full details).
LIMITED OFFER 2024 at BYDFi Exchange: Up to $2,888 welcome reward, use this link to register and create a 100 USDT-M position for free!