Crypto Security Firm Ancilia Under Fire for Sharing Malicious Link Amid Radiant Capital Hack

Last updated:

Author

Ruholamin Haqshanas

Author

Ruholamin Haqshanas

About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto…

Last updated:

Why Trust Cryptonews

With over a decade of crypto coverage, Cryptonews delivers authoritative insights you can rely on. Our veteran team of journalists and analysts combines in-depth market knowledge with hands-on testing of blockchain technologies. We maintain strict editorial standards, ensuring factual accuracy and impartial reporting on both established cryptocurrencies and emerging projects. Our longstanding presence in the industry and commitment to quality journalism make Cryptonews a trusted source in the dynamic world of digital assets. Read more about Cryptonews

Crypto security firm Ancilia is facing backlash after sharing a malicious crypto drainer link while attempting to assist users affected by a recent $52 million exploit targeting the lending protocol Radiant Capital.

The hack, which took place on October 16, saw attackers steal around $51.5 million worth of assets from the protocol.

Following the attack, Radiant Capital users scrambled to revoke permissions to protect their remaining funds.

Ancilia stepped in to aid users, but their efforts backfired when they shared a link from what they believed to be an official source.

The link, however, led to a wallet drainer, risking further losses for those who followed the instructions.

Crypto commentator “Spreek” highlighted the issue, sharing a screenshot of Ancilia’s now-deleted post.

Spreek pointed out that Ancilia had reposted a “scam link” originating from a fake Radiant X account.

Ancilia’s message had urged users to “follow the link from this official message” to revoke permissions, but the link was designed to steal funds from any user who clicked it and accepted the permissions.

“For god’s sake, if you are a ‘trusted’ security account, you need to absolutely make sure to never do this,” Spreek posted on X.

In response to the Radiant Capital hack, crypto security firm De.Fi posted on X on October 16, detailing how the attackers had exploited vulnerabilities within the protocol’s smart contracts on Binance Smart Chain and Arbitrum.

The exploit allowed them to alter the contracts, facilitating the theft of approximately $51.5 million in assets, including USD Coin (USDC), Wrapped BNB (WBNB), and Ether (ETH).

De.Fi explained that the protocol’s multi-signature wallet, which requires the approval of 11 signers, was compromised when hackers gained access to three private keys.

With these keys, the attackers manipulated the smart contracts, enabling them to drain user funds.

Radiant Capital Faces Second Breach This Year

This is the second significant breach Radiant Capital has faced this year.

In January, hackers exploited another vulnerability, leading to a $4.5 million loss.

In light of the recent attack, Radiant Capital announced that it is collaborating with several security firms, including SEAL911, Hyperactive, ZeroShadow, and Chainalysis, to address the issue and prevent further damage.

Meanwhile, phishing attacks remain a major issue for crypto users, resulting in substantial losses.

In September alone, more than 10,000 individuals lost over $46 million to such scams, as reported by Scam Sniffer, a Web3 anti-scam platform.

The platform revealed that 10,805 victims suffered losses amounting to $46.7 million from various crypto phishing scams last month.

Just recently, it was revealed that cybersecurity scammers are using automated email replies to compromise systems and deliver stealthy crypto mining malware.

This comes on the heels of another malware threat identified in August.

The “Cthulhu Stealer,” which affects MacOS systems, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.

You May Also Like