The person behind the recent Radiant Capital exploit has reportedly moved nearly all of the stolen crypto, valued at about $52 million, from Layer-2 networks to Ethereum.
Blockchain security firm PeckShield shared the information on October 24, further dampening any hopes of recovering the funds.
Attacker Almost Done Bridging Stolen Funds
According to PeckShield, the attacker’s on-chain footprint showed they had bridged about 20,500 ETH tokens from Arbitrum and Binance’s BNB Chain to Ethereum. The funds were part of the October 16 attack that compromised Radiant Capital’s smart contracts.
Another blockchain security company, Ancilia Inc., was the first to detect the suspicious activity, which initially resulted in the loss of at least $18 million worth of crypto assets from Radiant’s liquidity pool on the Binance network. The hacker then extended the attack to the decentralized finance (DeFi) protocol’s pool on Arbitrum, further escalating the losses.
A post-mortem of the attack showed that the perpetrator gained control by compromising a multi-signature wallet that secured Radiant’s funds. They were then able to obtain the private keys of three out of eleven signers, giving them the ability to upgrade the platform’s contracts and transfer ownership.
It enabled the bad actor to drain several trading pools, including those holding popular assets such as USDC, USDT, wBTC, wETH, and BNB.
Recovery Efforts in Jeopardy?
The October 16 incident is the second time hackers have targeted Radiant this year. In January, the DeFi platform lost $4.5 million due to a vulnerability in its smart contract.
The company has since engaged with U.S. law enforcement, including the FBI, and partnered with cybersecurity outfits like SEAL911 and ZeroShadow in an attempt to recover the stolen money.
However, the thief’s move to Ethereum suggests they may be trying to hide their trail, making recovery efforts that much harder. Further, Radiant has admitted that, given the sophistication of the execution, even the increased security measures it has now put in place may not have been enough to prevent the exploit.
Moving funds to Ethereum is often the last step before criminals launder stolen money through crypto mixers like Tornado Cash. CryptoPotato has reported such incidents in the past, including the infamous $235 million WazirX hacker who transferred their illicit gains in batches since they stole it in mid-July.
