In a shocking misstep, crypto security firm Ancilia inadvertently shared a harmful link in an attempt to assist users affected by the recent $52 million hack on the blockchain lending protocol Radiant Capital. The error led to further confusion and heightened risk for victims already reeling from the exploit.
The Radiant Capital Hack: A $52 Million Loss
On October 16, Radiant Capital, a decentralized lending protocol, fell victim to a significant exploit that resulted in a loss of approximately $51.5 million. Hackers managed to alter the platform’s smart contracts on both the BNB Smart Chain and Arbitrum networks, seizing a wide range of assets, including USD Coin (USDC), Wrapped BNB (WBNB), and Ether (ETH).
The attack occurred through Radiant’s multi-signature wallet, which is protected by 11 signers. The hackers reportedly gained access to three of these signers’ private keys, giving them enough control to modify the smart contracts and siphon off user funds.
Ancilia’s Critical Error: Sharing a Malicious Link
As Radiant Capital users scrambled to revoke permissions in an effort to protect their remaining funds, Ancilia sought to help by sharing instructions. However, in a disastrous error, the security firm accidentally shared a link to a wallet drainer—a malicious tool designed to steal users’ funds when clicked.
Pseudonymous crypto commentator Spreek exposed Ancilia’s blunder by sharing a screenshot of the now-deleted post. The tweet had re-shared what was purported to be an official message from a fake Radiant X account. The instructions directed users to follow a link that led directly to the wallet drainer, further jeopardizing the assets of any users who clicked the link and granted permissions.
For f**k’s sake, if you are a ‘trusted’ security account, you need to absolutely make sure to never do this!
Spreek wrote in a post on X (formerly Twitter), expressing frustration at the preventable mistake.
Security Firms Step In to Aid Recovery Efforts
Following the hack, other crypto security firms like De.Fi quickly alerted the community to the exploit and provided accurate guidance. De.Fi noted that the attackers had modified Radiant’s smart contracts, leading to the theft of tens of millions in user assets.
Radiant Capital acknowledged the breach and announced that they were working with a coalition of security firms, including SEAL911, Hyperactive, ZeroShadow, and Chainalysis, to investigate the exploit and mitigate the damage.
In a later post, Radiant advised users to revoke permissions associated with the compromised smart contracts using revoke.cash, a platform that helps users sever connections between their wallets and smart contracts. This guidance was crucial in helping affected users prevent further losses.
Also read: Ireland Moves to Draft New Crypto Regulations Ahead of EU Crackdown on Money Laundering
Not the First Hack for Radiant
This incident marks the second time Radiant Capital has been targeted by hackers in 2024. Earlier in the year, the protocol suffered a $4.5 million loss due to a separate vulnerability in its smart contracts. While Radiant has since worked to strengthen its security, the most recent attack has exposed ongoing challenges in safeguarding decentralized platforms from sophisticated threats.
A Cautionary Tale for Crypto Users
The Radiant hack and Ancilia’s inadvertent mistake highlight the fragility of security in the cryptocurrency space. While blockchain and decentralized finance (DeFi) offer new opportunities for innovation, they also create fertile ground for malicious actors.
For crypto users, staying vigilant and carefully verifying the legitimacy of communications—especially those involving funds—is critical. As security teams rush to contain the damage, incidents like this serve as a stark reminder of the importance of thorough cybersecurity practices and transparent communication.
