- Ancilla mistakenly shared a wallet drainer link during the $52M Radiant Capital exploit.
- Radiant Capital lost $51.5M after hackers altered its smart contracts.
- Hackers gained access to Radiant’s multi-signature wallet, exploiting three private keys.
A $52 million exploit hit the DeFi lending protocol Radiant Capital. Afterwards, security firm Ancilia did nothing but worsen this situation by sharing a wallet drainer link with them, mistakenly sending victims to a scam site instead of offering help.
Compromising the protocol’s intelligent contracts onto BNB Chain and Arbitrum, the attackers requested users to revoke permissions, protecting their remaining assets. Ancilia’s misguided post only led users to a phishing link, increasing the confusion and risk.
Security Error Compounds Radiant Hack
After the breach, Radiant Capital users turned to crypto security firms for advice on protecting their funds. One of the first to report the exploit was Ancilia, who shared a helpful link to allow users to revoke permissions belonging to the exploited contracts.
Nevertheless, this redirected victims to a malicious wallet drainer wallet scam meant to steal even more funds. The error resulted from Ancilia reposting content from an impersonator account that mimicked Radiant Capital’s official X (formerly Twitter) account.
Earlier, the attackers were behind a Radiant hack and had rewritten the protocol’s smart contracts, exploiting the ‘transferFrom’ function. This allowed them to ‘unlock’ $515 million of digital assets like USDC, WBNB, and ETH. Since there were Radiant Capital users, the advice was revoked. Cash is a legitimate service that disconnects their wallets from compromised contracts and prevents future losses.
Community Backlash and Response
Crypto community members quickly called out Ancilia’s mistake and the firm’s negligence. They warned that trusted security firms might inadvertently boost scam links in a crisis. Ancilla deleted the post and apologized, saying that the official Radiant Capital account should always be where to find information first.
🚨~$58,000,000 Exploit Alert🚨
Radiant Capital contracts were exploited on BSC & ARB chains with the 'transferFrom' function, which allowed to drain users' funds, namely $USDC $WBNB $ETH and others
⚠️Revoke approvals ASAP👇
0xd50cf00b6e600dd036ba8ef475677d816d6c4281 pic.twitter.com/oUHyshwEmL— De.Fi Antivirus Web3 🛡️ (@De_FiSecurity) October 16, 2024
Crypto community members quickly called out Ancilia’s mistake and the firm’s negligence. They warned that trusted security firms might inadvertently boost scam links in a crisis. Ancilla deleted the post and apologized, saying that the official Radiant Capital account should always be where to find information first.
The latest scam targets raised concerns over the security of the Radiant Capital platform, which was exploited twice in 2024. In January, hackers used a flash loan attack to steal $45 million from the protocol. After the most recent breach, Radiant worked with several security firms to investigate what happened and to help prevent such exploits from happening again.