Friday, October 31, 2025

EtherX › Hacker Linked to Radiant Capital Moves 5,411.8 ETH (~$20.7 M) into Tornado Cash Significant Privacy Tier Alert

Hacker Linked to Radiant Capital Moves 5,411.8 ETH (~$20.7 M) into Tornado Cash Significant Privacy Tier Alert

Friday, October 31, 2025 | EtherX

A recent major on-chain security incident has rattled the DeFi community: blockchain analytics firm PeckShield has tracked a transfer of 5,411.8 ETH, valued at about $20.7 million, from addresses connected to Radiant Capital to the mixing service Tornado Cash. 

What Happened and Who’s Involved

According to PeckShield monitoring data, the movement originates from wallets tied to the Radiant Capital exploit, where the attacker consolidated ETH and then routed it into Tornado Cash a decentralised mixing service often used to obscure fund trails. The long-tail keyword “Radiant Capital hacker transfers 5,411.8 ETH to Tornado Cash worth $20.7 million” highlights the scale and identity of the transaction.

Radiant Capital, a cross-chain borrowing and lending protocol, previously suffered a significant exploit in mid-2025 in which tens of millions in assets were drained. The recent transfer underscores that parts of the compromised funds are still being moved and laundered.

Why This Matters for the Crypto Ecosystem

The movement of such a large volume of ETH into a mixing service triggers multiple red flags:

  • It highlights the ongoing risk of “crypto-mixing service usage by hackers”, which complicates asset recovery and forensic tracing.

  • The transaction may mark a “laundering of exploit proceeds”, meaning law-enforcement agencies and blockchain forensics will need to trace multiple subsequent hops.

  • For holders of ETH and participants in DeFi, this event sheds light on the vulnerability of cross-chain systems and the potential collateral damage through confidence erosion.

The long-tail keyword “crypto mixer Tornado Cash usage by exploit funds” emphasises this pattern of laundering.

The Broader Context

While Tornado Cash has come under regulatory scrutiny in various jurisdictions for its role in obfuscating criminal proceeds, on-chain data shows stiff continued usage of the mixer. In this case, the “Radiant Capital exploiter moves ETH to Tornado Cash mixing service” scenario serves as a fresh reminder of how seamlessly hackers move between DeFi protocols and mixing infrastructure.

What We Know Technically

  • The transfer: 5,411.8 ETH moved in one or more batched transactions from wallets flagged as Radiant-exploit related into Tornado Cash. 

  • Approximate USD value: $20.7 million based on prevailing ETH price at time of transfer. 

  • Purpose: Though unconfirmed, the immediate routing to a high-privacy mixer strongly indicates asset laundering rather than operational treasury movement.

What To Watch Going Forward

  • Whether any portion of the funds get converted into stablecoins or other chains, which may create further traceable exit patterns.

  • Whether law-enforcement agencies impose sanctions or freeze movements associated with flagged wallets.

  • The price and sentiment effect on ETH and DeFi lending/borrowing protocols, particularly if more exploit-fund movements surface.

  • Whether additional wallets linked to Radiant Capital will be flagged: the long-tail keyword “tracking Radiant Capital exploit fund flows 2025” captures this ongoing investigation.

Frequently Asked Questions (FAQs)

Q1: What exactly did hackers linked to Radiant Capital do?
A1: Hackers moved a block of 5,411.8 ETH, worth about $20.7 million, into the privacy-mixing service Tornado Cash. The funds originated from wallets tied to the earlier Radiant Capital exploit. 

Q2: Why are mixers like Tornado Cash significant in crypto-hacks?
A2: Mixers obscure the transaction trail by pooling assets and redispersing them, making it harder for forensic trackers to trace stolen funds hence they are often used in laundering exploit proceeds.

Q3: Does this movement mean all the stolen Rain-Capital funds are gone forever?
A3: Not necessarily. While this particular portion has entered a mixer, funds can still be tracked indirectly. Recovery depends on chain activity, freezing capabilities and legal action.

Q4: What is the impact on the broader DeFi ecosystem?
A4: Such events undermine trust in protocols, raise regulatory and security scrutiny, and may result in increased insurance and monitoring costs for DeFi platforms.

Q5: What can users and investors do to mitigate risk?
A5: Users should focus on protocol security (audits, multi-sig design), avoid over-exposure to single protocols, review chain-flow alerts, and stay informed about exploit announcements.

Q6: Will this incident affect ETH’s price or market sentiment?
A6: Potentially yes. Large-scale exploit movements can trigger risk-off sentiment, influencing ETH price and liquidity in DeFi markets, especially if paired with broader stress.