Web3 Security Firm Ancilia Mistakenly Exposes Radiant Hack Victims to Wallet Drainer

Crypto security firm, Ancilia, is currently facing severe backlash for accidentally redirecting victims of the recent $51 million Radiant Capital hack to a malicious crypto drainer link.

A Costly Mistake

The attack on Radiant Capital took place on Oct. 16, with the hackers stealing around $51.5 million worth of crypto from the DeFi lending platform. Interestingly, Ancilia was the first security platform to report the hack.

Since the attackers had gained control of several private keys, which enabled them to control Radiant Capital’s multi-sig wallet, users were rushing to revoke permissions. This step would help them to disconnect their wallets from any malicious smart contracts and protect their remaining funds.

While trying to assist the hack victims to quickly revoke permissions, Ancilia mistakenly shared a post from a fake page impersonating Radiant Capital and urged users to “follow the link” included in the post. Unfortunately, the link led straight to a wallet drainer that would have stolen the funds of any user who followed the instructions and clicked on the link.

Crypto Community Criticizes Ancilia’s Negligence

The mistake was quickly pointed out by sharp-eyed members of the community. Ancilia subsequently deleted the post, apologised for the mistake, and pointed users to the correct Radiant Capital account.

We accidentally re-posted a scam link, apologized for that. The post has been deleted. The official Twitter handle is @RDNTCapital

— Ancilia, Inc. (@AnciliaInc) October 16, 2024

However, since the damage was already done, Ancilia came under fire, with several crypto community members expressing their displeasure with the platform’s inability to identify the scam account.

The pseudonymous crypto commentator, Spreek, reposted a screenshot of the now-deleted X post, criticizing Ancilia for its negligence despite being a “trusted security account.”

For fuck’s sake, if you are a ‘trusted’ security account, you need to absolutely make sure to never do this pic.twitter.com/2jrpN7P00L

— Spreek (@spreekaway) October 16, 2024

Scammers are increasingly using fake accounts impersonating genuine platforms to lure unsuspecting victims onto phishing platforms designed to steal their funds. Due to the very slight modifications, users often fail to identify these fake accounts at first glance.

In Q3 2024 alone, crypto users have lost more than $127 million to phishing scams.