- The Radiant Capital hacker moved more than 5,400 Ethereum (ETH) tokens.
- Blockchain security firm PeckShield says the exploiter routed ETH through the Tornado Cash mixer.
- Radiant Capital suffered a security breach worth $50 million in October 2024.
Blockchain security firm PeckShield reported that the actor responsible for the 2024 Radiant Capital exploit recently moved 5,400 Ethereum (ETH) tokens.
PeckShield issued an alert on October 31, 2025, noting a large ETH transfer that was deposited into the Tornado Cash mixing service.
This latest movement is the most recent in a series of transactions tied to the Radiant Capital incident more than a year after the protocol was exploited.
At the time of reporting, Ethereum (ETH) traded near $3,832, down roughly 1.5% over the prior 24 hours and about 3.2% over the last seven days.
Radiant hacker moves 5,411 ETH
The lending protocol Radiant Capital suffered a major security breach on October 16, 2024, when roughly $51 million in user funds was drained from its pools on Arbitrum and the BNB Chain.
Following the incident, investigators linked the attackers to groups reportedly sponsored by the North Korean state.
Radiant also sought assistance from law enforcement, including the FBI.
Over the subsequent year, the stolen funds showed repeated on-chain movements consistent with laundering attempts.
On October 31, 2025, PeckShield alerted that the exploiter deposited 5,411.8 ETH—worth about $20.7 million—into Tornado Cash.
#PeckShieldAlert #RadiantCapital Exploiter deposited 5,411.8 $ETH (worth ~$20.7M) into #TornadoCash. pic.twitter.com/Ouqiue0soF
— PeckShieldAlert (@PeckShieldAlert) October 31, 2025
The transfer consisted of a sequence of deposits in denominations of 0.1 ETH, 1 ETH, 10 ETH, and 100 ETH.
On-chain records show the attacker address 0x0fa503e4…2e748ef9e sending coins to the mixing service.
Radiant ETH in motion: recurring transfers
This movement of more than $20 million in ETH from the attacker address into Tornado Cash is not an isolated event.
On September 11, 2025, the same suspected actor moved 5,933 ETH, valued at roughly $26.7 million at the time, again routing funds through a mixer.
Earlier, on August 12, 2025, the attacker converted 3,091 ETH into about $13.26 million in the DAI stablecoin, further diversifying the stolen holdings.
There was also a deposit of 2,834.6 ETH into a mixing service via the Arbitrum bridge, reflecting a pattern of breaking large sums into smaller batches.
In early October, blockchain intelligence firm Elliptic reported that hackers linked to North Korea had stolen more than $2 billion in cryptocurrency during 2025 to date, calling it “the largest annual haul by North Korea-linked actors on record.”
Elliptic noted that these actors have collectively stolen over $6 billion in crypto to date, and that many 2025 breaches involved social engineering—where attackers manipulate individuals to gain access to funds.