- Radiant Capital hackers have moved more than 5,400 Ethereum (ETH) tokens.
- Blockchain security firm PeckShield says the exploiter routed ETH to the Tornado Cash crypto mixer.
- Radiant Capital suffered a $50 million security breach in October 2024.
Blockchain security firm PeckShield reported that the exploiter behind the 2024 Radiant Capital hack has moved 5,400 Ethereum (ETH). The firm issued an alert on October 31, 2025, noting that a significant ETH transfer was deposited into the Tornado Cash mixer.
This latest movement of stolen Radiant Capital coins comes more than a year after the protocol was compromised. At the time of writing, Ethereum (ETH) was trading around $3,832, down 1.5% over the past 24 hours and about 3.2% over the past week.
Radiant exploiter deposits 5,411 ETH
The Radiant Capital lending protocol experienced a major security breach on October 16, 2024, when roughly $51 million of user funds were drained from its pools on Arbitrum and BNB Chain. Following the incident, cybersecurity researchers linked the exploiter to a North Korea–sponsored threat actor, and Radiant sought assistance from law enforcement agencies including the FBI.
Over the following year, the stolen funds showed repeated on-chain movements consistent with laundering attempts. On October 31, 2025, PeckShield warned that the exploiter deposited 5,411.8 ETH—about $20.7 million at the time—into Tornado Cash.
#PeckShieldAlert #RadiantCapital Exploiter deposited 5,411.8 $ETH (worth ~$20.7M) into #TornadoCash. pic.twitter.com/Ouqiue0soF
— PeckShieldAlert (@PeckShieldAlert) October 31, 2025
The transfers were executed in a series of deposits denominated in 0.1 ETH, 1 ETH, 10 ETH and 100 ETH increments. On-chain data shows the hacker address 0x0fa503e4…2e748ef9e sending coins to the mixing service.
Radiant ETH keeps moving: not the first time
This more-than-$20 million transfer from the exploiter’s address to Tornado Cash is not an isolated event. On September 11, 2025, the suspected attacker moved 5,933 ETH (roughly $26.7 million at that time) also through a mixer. Earlier, on August 12, 2025, the exploiter swapped 3,091 ETH for about $13.26 million in DAI stablecoin, further diversifying holdings.
There were also deposits totaling 2,834.6 ETH into a mixing service via the Arbitrum bridge as the attacker broke the large theft into smaller batches. These patterns—splitting funds and using mixers and bridges—are common techniques used to obfuscate the origin of stolen crypto.
At the start of October, blockchain forensics firm Elliptic reported that North Korea–linked hacking groups had stolen more than $2 billion in cryptocurrency in 2025 alone, marking the largest annual total on record for those actors. Overall, these groups have stolen more than $6 billion in crypto, Elliptic said. The firm noted that many of the 2025 thefts involved social engineering attacks, in which hackers tricked or manipulated individuals to gain access to cryptocurrency.