Recently, Ancilia, a crypto security company, unintentionally sent a link to a wallet drainer while trying to help victims of a major attack on Radiant Capital, a blockchain lending platform, and found itself in hot water. Following a significant hack on October 16, Radiant Capital lost around $51.5 million in money, so consumers acted fast to safeguard their investments by withdrawing rights on the site.
Ancilia tried to assist Radiant Capital users as they started to worry by pointing them toward a URL she thought to be official. Sadly, this link turned out to be a malicious wallet drainer, able to steal money from anyone who clicked on it and approved its rights. Using a screenshot of the now-deleted article, which had wrongly advised people to click a link from an impostor Radiant account, a crypto critic known as Spreek exposed Ancilia’s gaffe.
Emphasizing the need of vigilance for people in trusted roles within the security sector, Spreek attacked the lack of diligence of the security business.
Please revoke access to the following contracts on https://t.co/JqPsJBBfNS.
— Radiant Capital (@RDNTCapital) October 16, 2024
0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1
0x30798cFe2CCa822321ceed7e6085e633aAbC492F
0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281
0xA950974f64aA33f27F6C5e017eEE93BF7588ED07 https://t.co/x4l7J8UVeT
The attack basically consisted of a clever manipulation of the smart contracts of Radiant Capital across the Arbitrum and Binance Smart Chain systems. De.Fi’s security analysts found that three private keys from Radiant’s multi-signature wallet had been obtained by the attackers, allowing them to change the smart contracts and carry out the theft of several assets, including USD Coin and Wrapped BNB.
Having already lost $4.5 million in January over a separate vulnerability, this episode represents the second attack Radiant Capital has experienced in 2024. Reacting to the most recent hack, Radiant Capital declared partnerships with numerous security companies to help to correct the problem. To stop such losses, they also recommended consumers to make use of revoke.cash, a service meant to assist separate wallets from hacked smart contracts.
Ancilia’s mistake emphasizes the crucial requirement of attention and exhaustive validation, particularly in relation to reliable companies in the field of crypto security. Users and security companies have to be careful as distributed platforms deal with ever complex cyber threats to prevent unintentionally exacerbating the damage caused by hostile actors.
