The hacker behind the Radiant Capital breach has moved $10.8 million worth of Ethereum into Tornado Cash, one year after the project’s lending pool was exploited, resulting in a significant loss of $53 million. This laundering operation through the crypto mixer Tornado Cash has made tracking the stolen funds nearly impossible.
Tornado Cash Facilitates Fund Laundering
Utilizing Tornado Cash, the hacker has obscured the origins of the stolen funds. According to on-chain monitoring platform CertiK, the funds were laundered in smaller increments, a tactic designed to confuse any tracking efforts. The anonymity features of Tornado Cash further complicate the investigation and recovery process.
The laundered Ethereum originated from various bridge addresses, including the Stargate Bridge and Synapse Bridge. The attacker initially transferred the funds to an intermediary address, 0x4afb, before dispersing them across multiple wallets. CertiK revealed that one of the larger transactions involved moving 2,236 ETH to the address 0x3fe4, which subsequently distributed the funds to three additional wallets.
In August 2025, the hacker exchanged 3,091 ETH for 13.26 million in USD-backed DAI stablecoins. The DAI was then shuffled through a series of wallets, creating further obfuscation before being converted back into Ethereum. This strategic maneuvering culminated in the deposit of 2,834 ETH into Tornado Cash, effectively rendering the funds untraceable.
Radiant Capital Hack and Recovery Efforts
The Radiant Capital hack occurred on October 16, 2024, when an attacker exploited vulnerabilities in the project’s multi-signature wallet, gaining control over three out of eleven signer permissions. This breach allowed the hacker to replace the implementation contract of the lending pool, leading to the theft of funds valued at $53 million at the time.
In an unexpected turn, the hacker managed to multiply the stolen funds into 21,957 ETH, which was valued at $53 million initially, ultimately growing their total holdings to $94 million. Notably, the hacker held onto the stolen ETH for nearly ten months before laundering it.
In the aftermath of the theft, Radiant Capital has been collaborating with the FBI, Chainalysis, and other security firms to recover the stolen assets. However, the involvement of Tornado Cash poses significant challenges, making it increasingly difficult for authorities to trace and recover the funds. As the laundering process continues, the likelihood of successful recovery diminishes.
The hacker’s actions not only highlight the vulnerabilities present in decentralized finance (DeFi) protocols but also raise concerns about the effectiveness of current regulatory frameworks in tackling such incidents. As the crypto landscape evolves, the need for enhanced security measures and increased collaboration among stakeholders becomes paramount.
