Ancilia shares drainer link during Radiant Capital hack response

Crypto security firm Ancilia faced criticism after mistakenly sharing a wallet drainer link while attempting to assist users affected by a recent $52 million exploit on blockchain lending protocol Radiant Capital. 

On Oct. 16, attackers altered the protocol’s smart contracts on Binance Smart Chain (CRYPTO:BNB) and Arbitrum (CRYPTO:ARB), allowing them to steal $51.5 million in assets, including USD Coin (CRYPTO:USDC), Wrapped BNB (CRYPTO:WBNB), and Ether (CRYPTO:ETH). 

Following the exploit, Radiant Capital users were advised to revoke permissions to prevent further losses. 

Ancilia, in an attempt to aid affected users, shared a post instructing them to "follow the link from this official message" for guidance. 

However, the link led to a wallet drainer, which would have siphoned funds from anyone who clicked and granted permissions. 

Pseudonymous crypto commentator “Spreek” shared a screenshot of Ancilia’s now-deleted post, criticising the security firm for the oversight, stating, “If you are a ‘trusted’ security account, you need to absolutely make sure to never do this.” 

The Radiant Capital hack allowed attackers to compromise a multi-signature wallet, which is governed by 11 signers. 

According to security firm De.Fi, the hackers gained access to three private keys, enabling them to modify smart contracts and steal user funds. 

This is not the first security breach for Radiant Capital this year; in January, hackers exploited a different flaw, resulting in a loss of $4.5 million. 

In response to the latest incident, Radiant Capital stated that it was collaborating with multiple security firms, including SEAL911, Hyperactive, ZeroShadow, and Chainalysis, to address the situation. 

The protocol further advised users to revoke smart contract permissions using revoke.cash, a platform that helps users manage their wallet connections.