The cyber assailant is responsible for last week’s exploit of Radiant Capital, a decentralized lending and borrowing protocol. It also virtually doubled their unlawful gains after carrying out a series of speculative Ethereum (ETH) trades. Blockchain analysis shows that the hacker, who initially withdrew millions during the hack, has since navigated through decentralized exchanges (DEXs). It uses ETH’s price volatility to enhance its profits.
The Radiant Capital hack that shook the DeFi lending space last week saw the protocol lose a massive amount of digital tokens because of its smart contracts’ vulnerability. While initially put at around $4.5 million, the loss was much larger after observing the trading activity of the attacker later on.
According to on-chain data provided by security firms PeckShield and CertiK, the hacker right away swapped large portions of those pilfered stablecoins and tokens to Ethereum. And by buying at ETH’s recent bull run, they could exchange the loot to about twice its original value, which raised speculation that hackers are not only stealing coins but are actually speculating on coins they steal.
This development underscores a troubling trend within the decentralized finance ecosystem. Rather than attempting to immediately cash out through mixers like Tornado Cash, the Radiant attacker appears to be playing the long game, treating stolen funds as trading capital.
Hacker’s ETH accumulation came during a price upswing for Ethereum over the last two weeks. It sparked speculation about whether large-scale trades of this kind might have had a marginal effect on liquidity pools. Though Ethereum’s liquid market makes it immune to individual players, sudden shifts of millions of ETH on decentralized exchanges are bound to command attention.
Radiant Capital, meanwhile, tried to reassure its community. The protocol team, in a statement, affirmed that they are actively collaborating with blockchain security specialists and law enforcement agencies to track the attacker’s wallets.
However, community members were disturbed. On Radiant’s administration forums, users posted about whether they should put forward a reimbursement structure or apply stricter third-party audits before resuming all operations.
The Radiant hack adds to a growing list of security incidents plaguing the DeFi sector in 2025. Just last month, another protocol, UwU Lend, suffered a multi-million-dollar breach, further amplifying calls for more rigorous security frameworks across decentralized finance.
Experts warn that the Radiant case highlights two primary risks:
“Police might be tracking wallets, but as long as DeFi is permissionless, attackers are going to find innovative ways to launder and grow their ill-gotten gains,” blockchain security analyst Priya Desai told The Block on Tuesday.
Radiant Capital is under growing pressure to act decisively, with the hacker’s ETH hoard much larger now. Though certain protocols have previously been able to negotiate with hackers to recover partial assets, often referencing a “white-hat” settlement.
The DeFi community waits to see what happens next for now. Whether or not user trust can be restored to Radiant will be determined by its short-term security enhancements and its longer-lived resilience.
Turn to Chainbull for insights on the crypto market.
