The Radiant Capital lending protocol has become a target for hackers. The attackers attacked the BNB Chain and Arbitrum networks, stealing cryptocurrencies worth more than $50 million in total. The project team urgently urged users to revoke permissions for the affected contracts to prevent further losses of funds.
Security experts from Ancilia were the first to discover traces of the hack. They noted that hackers exploited a vulnerability in the transferFrom function in a smart contract, which allows attackers to transfer tokens from other people’s wallets to their own addresses without the knowledge of the owners. To do this, it is enough for the victim to pre-approve interaction with the fake contract.
In an attempt to help users protect their funds, Ancilia made a serious mistake. Instead of providing a secure link to revoke permissions, they accidentally shared a tool that allowed hackers to steal the remaining funds from users’ wallets.
