Radiant Hacker Converts 3,091 ETH to $13.26 Million DAI in Latest Heist

- Over 3,091 stolen ETH converted to $13.26 million in DAI. - Funds tied to $53 million Radiant Capital exploit from October 2024. On August 12, 2025, the hacker behind the $53 million Radiant Capital exploit from October 2024 converted 3,091 stolen Ethereum (ETH) into 13.26 million DAI stablecoins. According to reports on August 12 from Cryptopolitan, Crypto News, and Mitrade, the attacker executed the conversion at a price of $4,291 per ETH before transferring the entire sum of DAI to a new wallet to hide the funds' trail. The Radiant Capital exploit represents one of the most sophisticated cyber thefts in decentralized finance (DeFi) to date. Attackers targeted the cross-chain lending protocol with meticulously coordinated strategies. A post-mortem investigation by cybersecurity firm Mandiant, commissioned by Radiant Capital, revealed the attack's progression. It began on October 2, 2024, when the attackers deployed malicious smart contracts across Arbitrum, Base, Binance Smart Chain (BSC), and Ethereum. A phishing incident in September 2024 preceded the final exploit on October 17. According to reports, the phishing attack began with spoofed Telegram messages from an attacker impersonating a former Radiant Capital contractor. The attacker sent a ZIP file disguised as a PDF, which contained INLETDRIFT, a malware tailored for macOS. This malware created a backdoor on a Radiant Capital developer's device. Through this backdoor, the hackers launched a man-in-the-middle attack to bypass Radiant's 3-of-11 multisig treasury security during transaction signing. While the developer's screen showed legitimate data, the malware executed malicious commands behind the scenes. This technique allowed the attackers to steal from wallets across multiple blockchains. Mandiant linked the operation to the North Korea-based hacking syndicate AppleJeus, also known as Citrine Sleet. The group has committed numerous cybercrimes in the digital currency space, employing advanced phishing and crypto-stealing malware.