Crypto security firm Ancilia has found itself in a precarious situation after mistakenly sharing a link that directed users to a cryptocurrency wallet drainer. This error occurred while the company aimed to assist those who had fallen victim to a significant $52 million exploit involving the lending protocol Radiant Capital.
Following the October 16 hack, Radiant Capital users were in a frenzy attempting to revoke their permissions on the protocol to safeguard their funds. The cyberattack resulted in an estimated loss of approximately $51.5 million. In a now-deleted post, Ancilia inadvertently propagated a link described as a “scam link,” originating from a fraudulent Radiant X account, which only compounded the problem for users trying to secure their assets.
The mishap was highlighted by a crypto commentator, who emphasized the importance of caution among trusted security platforms. The link shared by Ancilia posed a serious risk, allowing any user who clicked it to unwittingly provide access to their funds, leading to further losses.
Separately, De.Fi, another security firm, had raised awareness of the Radiant Capital hack on the same day, detailing how the attackers manipulated the protocol’s smart contracts on both Binance Smart Chain and Arbitrum. This alteration enabled the perpetrators to abscond with around $51.5 million worth of assets, including popular cryptocurrencies such as USD Coin, Wrapped BNB, and Ether.
Analysis of the attack revealed that the multi-signature wallet used by Radiant Capital, which relied on a total of 11 signers, was compromised. The hackers gained access to the private keys of three signers, facilitating their exploitation of the smart contracts.
This incident marks the second significant exploit Radiant Capital has faced in 2023, having previously lost $4.5 million in January due to a different vulnerability. In response to the recent breach, Radiant announced that it was collaborating with multiple security firms to address the ongoing crisis while directing users to a tool that assists in revoking smart contract permissions, aiming to enhance safety measures.
