In a shocking mistake, crypto security firm Ancilia shared a link pointing to a crypto wallet drainer, putting victims of the Radiant Capital hack at risk. As users scrambled to safeguard their assets by revoking protocol permissions, a grave error from Ancilia, a renowned crypto security firm, surfaced.
Ancilia attempted to aid users who lost funds in the $52 million exploit of lending protocol Radiant Capital, but instead, inadvertently shared a malicious link. The link, now deleted, was re-posted from an imposter Radiant X account and would have siphoned off users funds if clicked and permissions accepted.
The Incident: Ancilia’s Apology for Sharing a Malicious Link
Ancilia swiftly apologized for the mistake, acknowledging the severity of sharing a malicious link with victims of the Radiant Capital hack.
The security firm’s now-deleted post had instructed users to follow the link from the “official message”, which led to a wallet drainer, putting users funds at risk. Pseudonymous crypto commentator “Spreek” exposed the mistake, sharing a screenshot of the post and condemning Ancilia’s actions.
Ancilia’s apology came after the security firm realized the gravity of their mistake, which could have resulted in further financial losses for Radiant Capital users. The incident highlights the importance of vigilance and verification in the cryptocurrency space, particularly for trusted security accounts.
The Radiant Capital Hack: A $51.5 Million Exploit
Radiant Capital, a lending protocol, fell victim to a massive hack on October 16, resulting in a staggering loss of $51.5 million in assets. The attackers exploited the protocol by altering its smart contracts on Binance Smart Chain and Arbitrum, gaining access to user funds. The security breach exploited a vulnerability in a multi-signature wallet system, with the hackers successfully gaining control over three of the eleven required private keys.
The Attack: Altering Smart Contracts and Stealing User Funds
The Radiant Capital hack involved a sophisticated attack on the protocol’s smart contracts, allowing the hackers to steal a massive $51.5 million in assets. The attackers gained access to three private keys of the 11 signers controlling the multi-signature wallet, enabling them to alter the smart contracts.
This alteration permitted the hackers to drain user funds, resulting in the theft of USD Coin (USDC), Wrapped BNB (WBNB), and Ether (ETH) from unsuspecting users. The attack was a devastating blow to Radiant Capital, marking the second exploit of the year, following a previous incident in January.
The Investigation: How the Hackers Obtained Access to Radiant Capital
The investigation into the Radiant Capital hack is ongoing, but initial findings suggest that the hackers gained access to three private keys of the 11 signers controlling the multi-signature wallet. This access allowed the attackers to alter the protocol’s smart contracts on Binance Smart Chain and Arbitrum, ultimately leading to the theft of $51.5 million in assets.
The exact method used by the hackers to obtain the private keys remains unclear, but it is believed to be a sophisticated attack that exploited vulnerabilities in Radiant Capital’s security protocols.
The incident serves as a stark reminder of the importance of robust security measures in the crypto industry, and the need for constant vigilance against potential threats.
The Aftermath: Ancilia’s Mistake and the Consequences
In a critical error, Ancilia’s social media channel mistakenly shared a link that was intended to assist users of Radiant Capital following a high-profile hack. The security firm, in an attempt to guide victims on revoking access permissions to the protocol, inadvertently posted a link sourced from an impersonating Radiant X account. This misleading ‘official message’ urged users to follow a path that would have led directly to a wallet draining exploit. The post, now erased but captured by crypto commentator Spreek, sparked immediate concern within the community, as it exemplified a severe breach of trust placed in Ancilia’s expertise.
The consequences of Ancilia’s mistake are far-reaching, with the crypto security firm’s credibility taking a significant hit. The incident has raised questions about the firm’s vetting processes and its ability to protect users from scams and phishing attacks.
Ancilia’s apology, while welcomed, may not be enough to restore trust among users, who are increasingly wary of security firms and their motives. The Radiant Capital hack and Ancilia’s mistake serve as a stark reminder of the importance of vigilance and accountability in the crypto industry. As the industry continues to grapple with the fallout, one thing is clear: security firms must do more to earn and maintain the trust of their users.