As a seasoned analyst who has navigated through the complex and often treacherous waters of the crypto landscape for years, I can’t help but shake my head at the latest turn of events involving Radiant Capital and Ancilia. The irony is almost palpable – a security firm tasked with safeguarding assets accidentally directing victims to a wallet drainer. It’s like hiring a firefighter who, instead of dousing the flames, accidentally sets the house on fire.
As an analyst, I found myself in a complicated situation when a security team unintentionally added to the chaos experienced by victims of Radiant Capital’s exploit. Instead of providing assistance, they unwittingly posted a link to a wallet-draining tool while trying to help – a well-meaning action that unfortunately caused more harm than good.
On October 17th, the web3 security startup Ancilia faced criticism for its oversight, as it inadvertently directed victims of an attack towards a fraudulent X account that posed as a DeFi lender. The aim was to trick users into accessing a harmful site, which was designed to siphon off users’ assets by deceiving them into approving phishing requests.
Security experts tricked
On October 16th, Ancilia was the one who initially disclosed an exploit. This vulnerability was leveraged to manipulate Radiant Capital’s smart contracts on both BNB Chain and Arbitrum, primarily through the ‘transferFrom’ function. As a result, attackers were able to siphon off more than $50 million worth of assets such as USDC, WBNB, and ETH.
After the incident, Radiant advised users to cancel all authorizations via Revoke.cash, a handy tool designed for users to disconnect their wallets from suspicious smart contracts, thereby avoiding potential future financial losses.
It became crucial to take this action since the intruders managed to seize possession of multiple private keys. Consequently, they were able to switch the ownership of the Defi protocol’s multi-signature wallet by moving it.
As an analyst, I’ve uncovered a concerning incident where impostors posing as Radiant Capital exploited an opportunity by creating false posts and disguising them as links that resembled the legitimate Revoke.cash platform. Unfortunately, in this instance, Ancilia, who was unaware of the scam, unwittingly shared one such fraudulent post, urging users to click on the link. Regrettably, this action led directly to a wallet drainer.
In simpler terms, if unfortunate users followed the link and granted access to their digital wallets, their money could have been drained.
Vigilant community members didn’t waste time in spotting the mistake made by the security company and criticized Ancilia for their lack of vigilance, labeling the careless action as a breach of trust in their role as a “security account.” Following this, Ancilia removed the post, expressed regret, and directed users towards the genuine Radiant Capital account.
We accidentally re-posted a scam link, apologized for that. The post has been deleted. The official Twitter handle is @RDNTCapital
— Ancilia, Inc. (@AnciliaInc) October 16, 2024
It’s alarming to note that these scammers organize their ‘approval phishing’ schemes using hacked accounts that frequently display a golden verification badge, typically reserved for authenticated organizations on the social media network.
In essence, scammers can deceive web3 users by subtly altering the names and handles of accounts. For instance, in one case they swapped “Radiant Capital” for “Radiarnt Capital” in the account name, and changed “@RDNTCapital” to “@RDNTCapitail” in the handle. Although these differences may appear minor, many users might initially overlook them.
As I’m typing this, some of the mentioned phishing scams are still active within Ancilia’s posts.
Impersonation scams
Tricking crypto investors by pretending to be legitimate projects is now a popular method used by swindlers to lead unsuspecting victims into fraudulent sites, often disguised as phishing platforms.
Previously this year, the cybersecurity company SlowMist issued a warning stating that around 80% of comments under significant cryptocurrency projects were fraudulent activities. On the other hand, a report from ScamSniffer highlighted that this approach was commonly used by scammers, leading to substantial financial losses for crypto investors in February, amounting to millions of dollars.
One day prior to the latest assault, unscrupulous individuals were spotted conducting a comparable scheme aimed at deceiving WLFI investors. In early September, these scammers also attempted to swindle Revoke Cash users by posing as the service and advertising a harmful website through Google Ads.
It’s been reported that Radiant Capital has suffered two cyber attacks this year, including a flash loan assault in January, where hackers managed to steal approximately $4.5 million from the system.
Read More
Sorry. No data so far.
2024-10-17 11:42