Concentric Protocol Falls Victim to Private Key Exploitation on Arbitrum Network
The liquidity manager app Concentric has experienced a security breach on the Arbitrum network. The breach was a result of a targeted social engineering attack on one of Concentric’s team members who had access to the deployer wallet. Unauthorized access was gained, leading to the exploitation of the protocol.
Loss Exceeding $1.6 Million and Potential Connection to OKX Exploit
A report from CertiK, a blockchain security firm, reveals that the attack has resulted in a loss of over $1.6 million. The wallet used in the attack has been linked to the one involved in the OKX decentralized exchange exploit. This suggests a potential connection between the two incidents.
Sophisticated Social Engineering Attack and Exploitation Process
The attack on Concentric began with a sophisticated social engineering attack that compromised the deployer wallet. With control of that wallet, the attacker took advantage of upgradable vaults within the protocol: upgrading them, minting new LP tokens, and draining the vaults' assets. This allowed them to obtain various ERC-20 tokens, which were swapped for Ether.
Concentric Launches Investigation and Promises Post-Mortem Report
Concentric’s team has launched an investigation into the incident and enlisted security researchers to analyze it. They are working on implementing measures to prevent future occurrences and will provide a post-mortem report outlining the vulnerability and their plan to address it.
Maintaining Transparency and Urging User Action
Concentric aims to maintain transparency throughout the recovery process and keep users informed about updates. They have urged users to revoke approvals from all vault addresses and provided a list for easy reference. Users are advised to stay informed about the incident and its resolution.
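As an added example (not Concentric's code or tooling), the Python below shows one way to act on the revocation advice: it replays ERC-20 Approval logs for a wallet, keeps only allowances that are still non-zero for flagged vault addresses, and builds the approve(spender, 0) calldata that revokes each one. The vault, owner and token addresses and the log entries are constructed placeholders, and the log dictionaries assume integer blockNumber and logIndex fields.

```python
# Added example: find allowances still granted to flagged vaults and build revocations.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # approve(address,uint256)

# Constructed placeholder addresses, NOT the real Concentric vault list.
VAULT_A, VAULT_B = "0x" + "aa" * 20, "0x" + "bb" * 20
OTHER_SPENDER = "0x" + "dd" * 20
OWNER, TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "c1" * 20, "0x" + "c2" * 20
MAX_UINT = "0x" + "f" * 64

def topic_to_address(topic):
    """An indexed address is a 32-byte topic; the address is the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def make_log(token, block, index, spender, value_hex):
    """Build a constructed Approval log for OWNER (sample data only)."""
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)], "data": value_hex}

SAMPLE_LOGS = [  # constructed; deliberately out of chain order
    make_log(TOKEN_B, 105, 0, VAULT_B, "0x0"),          # later revocation
    make_log(TOKEN_A, 100, 3, VAULT_A, MAX_UINT),       # still live
    make_log(TOKEN_B, 101, 1, VAULT_B, MAX_UINT),       # superseded by block 105
    make_log(TOKEN_A, 102, 0, OTHER_SPENDER, MAX_UINT), # not a flagged vault
]

def live_allowances(logs, owner, vaults):
    """Replay logs in chain order, keeping the last value per (token, spender)."""
    vaults = {v.lower() for v in vaults}
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the signature but has 4 topics
        if topic_to_address(topics[1]) != owner.lower():
            continue
        spender = topic_to_address(topics[2])
        if spender in vaults:
            state[(log["address"].lower(), spender)] = int(log["data"], 16)
    return {key: value for key, value in state.items() if value > 0}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0): selector + padded address + zero amount."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def revocations(logs, owner, vaults):
    """Return sorted (token, calldata) pairs; each is a call to send to `token`."""
    live = live_allowances(logs, owner, vaults)
    return sorted((token, revoke_calldata(spender)) for token, spender in live)
```

Replayed logs only approximate current state, because spending through transferFrom can lower an allowance without a new Approval event; the token's on-chain allowance() value is authoritative, and sending a revocation for an already reduced allowance is harmless.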
Security Breaches in Liquidity Protocols
This year has seen security breaches targeting liquidity protocols, with Concentric and Gamma Strategies being the latest victims. Gamma Strategies experienced a $3.4 million loss due to smart contract vulnerabilities. Liquidity management protocols have gained popularity in decentralized exchanges, contributing to increased adoption.
Hot Take: Concentric Protocol Suffers Private Key Breach on Arbitrum Network
The liquidity manager app Concentric has fallen victim to a targeted social engineering attack that resulted in unauthorized access and exploitation of the protocol. The attack led to a loss exceeding $1.6 million and potentially has a connection to a previous exploit on the OKX decentralized exchange. Concentric is conducting an investigation, enlisting security researchers, and plans to provide a post-mortem report on the vulnerability. They have urged users to revoke approvals from vault addresses and are committed to resolving the issue and restoring the integrity of the protocol. This incident highlights ongoing security breaches in liquidity protocols, emphasizing the need for enhanced measures in safeguarding user funds.