Crypto security firm Ancilia faced backlash after mistakenly sharing a harmful wallet drainer link while trying to help victims of the $52 million hack on Radiant Capital, a blockchain lending protocol. This incident unfolded as users rushed to revoke permissions on Radiant’s smart contracts to protect their funds from the recent exploit.
Ancilia’s Misstep in Assisting Radiant Users
Radiant Capital was hit with a major hack on Oct. 16, where attackers made off with around $51.5 million in funds. As users scrambled to prevent further losses by revoking protocol permissions, Ancilia attempted to assist by sharing what they believed to be a helpful link. Unfortunately, the link directed users to a wallet drainer instead, putting their funds at even greater risk.
Crypto commentator “Spreek” exposed Ancilia’s error by sharing a screenshot of the now-deleted post, which instructed Radiant users to “follow the link from this official message.” The link had been reposted from an imposter Radiant X account, further exacerbating the situation. Had users clicked the link and accepted its permissions, their wallets would have been drained of their funds.
Spreek criticized Ancilia’s mishandling of the situation, stating, “For fuck’s sake, if you are a ‘trusted’ security account, you need to absolutely make sure to never do this.”
The Radiant Capital Hack: What Happened?
The attack on Radiant Capital occurred across both Binance Smart Chain and Arbitrum, with hackers manipulating the protocol’s smart contracts to steal funds. Security firm De.Fi revealed that the attackers accessed three private keys from Radiant’s multi-signature wallet, allowing them to alter the smart contracts and siphon off assets, including USD Coin (USDC). This is the second exploit Radiant has suffered in 2024; the first occurred in January, resulting in a loss of $4.5 million.
In response to the hack, Radiant Capital announced that it was collaborating with several security firms—including SEAL911, Hyperactive, ZeroShadow, and Chainalysis—to address the breach. In a subsequent post, Radiant advised users to use revoke.cash, a tool designed to help revoke wallet permissions with compromised smart contracts.
The Ancilia incident underscores the importance of double-checking information, especially for trusted entities in the security sector. As cyberattacks on decentralized platforms become increasingly sophisticated, both users and security firms need to exercise extreme caution to avoid inadvertently amplifying damage caused by malicious actors.
