Web3 security firm’s mistake exposes victims of $50m exploit to wallet drainer

Victims of DeFi lender Radiant Capital’s exploit were thrown into further disarray when a security firm erroneously shared a link to a wallet drainer while attempting to help them.

On Oct. 17, web3 security startup Ancilia was criticized for negligence after it directed victims of the attack to an X account masquerading as the DeFi lender. The impersonator was duping users into visiting a malicious site designed to drain their assets via approval phishing.

Security experts tricked

Ancilia was the first to report the exploit on Oct. 16, which saw Radiant Capital’s smart contracts on BNB Chain and Arbitrum compromised via the ‘transferFrom’ function, allowing attackers to drain over $50 million in assets, including USDC, WBNB, and ETH.

Following the breach, Radiant urged users to revoke all approvals using Revoke.cash, a tool that allows users to disconnect their wallets from potentially malicious smart contracts, to prevent further losses. 

This step was necessary because the attackers had gained control of several private keys, allowing them to control the DeFi protocol’s multi-signature wallet by transferring ownership.

Crypto scammers jumped on the opportunity, impersonating Radiant Capital on X and pushing fake links disguised to mimic the Revoke.cash platform. Ancilia, not realizing the scam, accidentally shared the fake post, while asking users to “follow the link,” which led straight to the wallet drainer.

Deleted post from Ancilia reposting a Radiant Capital impersonator | Source: Spreek/X

If unlucky victims clicked through and connected their wallets, approving the permissions, their funds would’ve been siphoned off.

Eagle-eyed community members were quick to point out the security firm’s blunder and criticized Ancilia’s negligence as a “‘trusted’ security account.” Subsequently, Ancilia deleted the post, issued an apology, and pointed users to the original Radiant Capital account.

The severity of these scams is highlighted by the fact that bad actors orchestrate these approval phishing campaigns from hijacked X accounts that often bear the golden verification checkmark, which is reserved for verified organizations on the social media platform.

Then, by slightly modifying the account’s name and handle, scammers are able to trick web3 users. In this instance, they changed the account name to “Radiarnt Capital” instead of “Radiant Capital” and altered the handle to “@RDNTCapitail” instead of “@RDNTCapital.” While these changes may seem easy to spot, many users often miss them at first glance.
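The one-character changes described above are easy to catch mechanically. The following is an added example, not code from the article or from any of the firms named: it compares an account's handle and display name against the genuine ones quoted above using edit distance. The threshold of 2 and the function names are assumptions.

```python
# Added example: flag X accounts whose handle or display name imitates an official one.
OFFICIAL_HANDLE = "@RDNTCapital"   # genuine handle, as given in the article
OFFICIAL_NAME = "Radiant Capital"  # genuine display name, as given in the article
MAX_DISTANCE = 2                   # assumed threshold; tune per brand

def normalize(text):
    """Case-fold and keep only letters and digits ('@', spaces, punctuation dropped)."""
    return "".join(ch for ch in text.casefold() if ch.isalnum())

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent transposition
        prev2, prev = prev, cur
    return prev[-1]

def check_account(handle, name):
    """Return 'official', 'lookalike' or 'unrelated' for a (handle, display name) pair."""
    # Handles are unique and case-insensitive on X, so only the handle proves identity.
    if handle.lstrip("@").casefold() == OFFICIAL_HANDLE.lstrip("@").casefold():
        return "official"
    handle_gap = edit_distance(normalize(handle), normalize(OFFICIAL_HANDLE))
    name_gap = edit_distance(normalize(name), normalize(OFFICIAL_NAME))
    # A near-identical handle, or a copied display name on another handle, is suspicious.
    if handle_gap <= MAX_DISTANCE or name_gap <= MAX_DISTANCE:
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    accounts = [
        ("@RDNTCapital", "Radiant Capital"),    # genuine account
        ("@RDNTCapitail", "Radiarnt Capital"),  # impersonator described in the article
        ("@ethereum", "Ethereum"),              # constructed unrelated sample
    ]
    for handle, name in accounts:
        print(f"{handle:15} {name:18} -> {check_account(handle, name)}")
```

The verification badge is deliberately not an input: as the article notes, the impersonating accounts were hijacked ones that already carried the golden checkmark.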

At the time of writing, several instances of the aforementioned phishing post were still live under Ancilia’s posts.

Impersonation scams

Impersonating genuine projects to trick crypto investors has become one of the most common tools for scammers to lure victims onto phishing platforms. 

Earlier this year, cybersecurity firm SlowMist warned that over 80% of the comments under posts from major crypto projects were scams. Meanwhile, a ScamSniffer report pointed out that this tactic was the go-to move for scammers, causing millions of dollars in losses for crypto investors in February.

Just a day before the recent attack, bad actors were seen running a similar campaign to dupe WLFI investors. Scammers have even targeted Revoke Cash users by impersonating the service in early September and promoting a malicious site using Google Ads.

In related news, this was the second time Radiant Capital was exploited this year. Hackers were able to get away with $4.5 million from the protocol in a January flash loan attack. 

Compiled and edited by: Phạm Mạnh Cường, MSc
Source: Crypto News
