Crypto security firm mistakenly shares drainer link to ‘help’ Radiant hack victims

Crypto security firm Ancilia has landed itself in hot water after it accidentally shared a link pointing to a crypto wallet drainer in an attempt to aid users who lost funds in a $52 million exploit of lending protocol Radiant Capital. 

Radiant Capital users were rushing to revoke permissions on the protocol in a bid to prevent their funds from being stolen after the lending protocol fell victim to a hack on Oct. 16, with the attackers making off with around $51.5 million in funds. 

Pseudonymous crypto commentator “Spreek” shared a screenshot of Ancilia’s now-deleted post, which re-posted what they said was a “scam link” from an imposter Radiant X account. 

Ancilla instructed Radiant Capital users who were looking to revoke their permissions on the exploited protocol to “please follow the link from this official message.”

The link in the post led to a wallet drainer that would have siphoned off the funds of any user who clicked the link and accepted the permissions. 

“For fuck’s sake, if you are a ‘trusted’ security account, you need to absolutely make sure to never do this,” Spreek wrote in an X post.

Crypto security firm De.Fi alerted users of the Radiant Capital hack in an Oct. 16 X post, sharing that the exploit had seen the attackers alter the protocol’s smart contracts on Binance Smart Chain and Arbitrum. 

The change in the smart contracts allowed the attackers to steal roughly $51.5 million in assets, including USD Coin (USDC), Wrapped BNB (WBNB), and Ether (ETH). 

The security firm explained that a multi-signature wallet controlled Radiant Capital with a total of 11 signers. The hackers reportedly obtained access to three of the signers’ private keys, which allowed them to alter the protocol’s smart contracts and steal user funds. 

Related: Scientists breach cryptographic algorithms with quantum computer

The attack marks the second time this year that Radiant has suffered an exploit. In January, Radiant lost $4.5 million after hackers exploited a different flaw in its smart contracts. 

Radiant said it was “aware of the issue” and was working with several security firms, including SEAL911, Hyperactive, ZeroShadow, and Chainalysis, to resolve the problem. 

In a later post to X, Radiant directed users to revoke smart contract permissions using an app called revoke.cash, which helps users cut ties between their wallets and smart contracts.

Magazine: Fake Rabby Wallet scam linked to Dubai crypto CEO and many more victims