Close Menu
    Blockchain

    Crypto security firm mistakenly shares drainer link to ‘help’ Radiant hack victims

    By No Comments3 Mins Read

    30s Summary

    Cryptocurrency security firm Ancilia accidentally shared a link to a crypto wallet draining scam while trying to aid victims of a $52m attack on lending platform Radiant Capital. The link was intended for users looking to revoke their permissions on the compromised platform. Crypto commentator “Spreek” criticised Ancilia for its error. Radiant Capital, believed to be controlled by a multi-signature wallet with 11 signers, is said to have lost $4.5m earlier this year due to a separate flaw in their smart contracts.

    Full Article

    Cryptocurrency security company Ancilia really stepped in it after mistakenly sharing a link that led to a crypto wallet draining scam. They were trying to help folks who lost money in a massive $52 million attack on lending platform Radiant Capital.

    After Radiant Capital was hacked on October 16, users were scrambling to get their permissions revoked on the platform to stop their funds from being nicked. The hackers made off with a cool $51.5 million.

    Crypto commentator “Spreek” made a show of Ancilia’s goof, posting a screenshot of the now-removed post where Ancilia had shared what they claimed was a “scam link” from a fake Radiant X account.

    Ancilia was telling Radiant Capital users, who wanted to revoke their permissions on the compromised protocol, to “please follow the link from this official message.” The only problem? The link took people to a wallet drainer that would’ve sucked the funds dry of anyone who clicked on it and accepted the permissions. Not cool.

    Spreek harshly criticized Ancilia, saying “For fuck’s sake, if you are a ‘trusted’ security account, you need to absolutely make sure to never do this.”

    Another crypto security firm, De.Fi, also warned people about the Radiant Capital hack, saying that the attackers had fiddled with the smart contracts on Binance Smart Chain and Arbitrum. These changes let them steal about $51.5 million in different assets, like USD Coin (USDC), Wrapped BNB (WBNB), and Ether (ETH).

    It turns out, Radiant Capital is controlled by a multi-signature wallet with 11 signers. The bandits got a hold of three of the signers’ private keys, which let them change the smart contracts and filch user funds.

    This isn’t the first time Radiant has been hit either. They lost $4.5 million earlier this year because of another flaw in their smart contracts.

    Acknowledging the problem, Radiant said they were working with several security firms, including SEAL911, Hyperactive, ZeroShadow, and Chainalysis, to fix things. In a later post, they suggested users use an app called revoke.cash to break the connection between their wallets and the smart contracts.

    Source: Cointelegraph

    Related Posts