Arbitrum-Based ConcentricFi Hit by $1.8M Security Breach

bsc.news, 22 January 2024 18:05 UTC

ConcentricFi, a decentralized finance platform on the Arbitrum network, has confirmed a substantial security breach resulting in losses totaling approximately $1.8 million.

We regret to inform you that our protocol has suffered a severe security breach due to a targeted social engineering attack on one of our team members holding the deployer wallet. This unfortunate incident led to unauthorized access and subsequent exploitation of our protocol.…

— Concentric.fi (@ConcentricFi) January 22, 2024

The attacker employed a "social engineering attack" to compromise the private key for the protocol's deployer account. Subsequently, the compromised key was utilized to execute actions such as upgrading the vaults, minting new LP tokens, and draining the vaults of their assets, according to statements from the ConcentricFi team.

In response to the breach, ConcentricFi advised users to revoke approvals from all vault addresses listed in the protocol's documents.

Connection With OKX Exploiter

According to blockchain security platform CertiK, over $1.8 million has been lost in the attack so far. The attacking wallet has been linked to a wallet involved in the OKX decentralized exchange exploit on December 13, suggesting a potential connection between the two incidents.

#CertiKSkynetAlert 🚨

We have seen an exploit on @ConcentricFi on Arbitrum

Exploiter wallet is linked to the OKX Exploiter

Initial losses look to be around ~$1.6m https://t.co/t9liWxo3jz

— CertiK Alert (@CertiKAlert) January 22, 2024

Utilizing a Concentric contract's adminMint function, the attacker minted CONE-1 tokens and then used the "burn" function to redeem these tokens for AlgebraPool funds. This process was repeated multiple times, allowing the attacker to acquire various ERC-20 tokens later exchanged for Ether.
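The mint-then-burn pattern described above leaves a recognizable trace: shares that were never backed by a deposit get redeemed almost immediately. The following detection sketch is an added example, not code from ConcentricFi, CertiK or this article; the event schema, the addresses, the `deposit` entry point and the block window are constructed assumptions (only `adminMint` and `burn` are named in the report).

```python
from collections import defaultdict

# Constructed sample activity for one vault. Field names are assumptions,
# not the protocol's real ABI or event layout.
EVENTS = [
    {"block": 100, "fn": "deposit",   "account": "0xUSER",  "shares": 500},
    {"block": 101, "fn": "burn",      "account": "0xUSER",  "shares": 200},
    {"block": 110, "fn": "adminMint", "account": "0xADMIN", "shares": 9000},
    {"block": 110, "fn": "burn",      "account": "0xADMIN", "shares": 9000},
    {"block": 111, "fn": "adminMint", "account": "0xADMIN", "shares": 4000},
    {"block": 112, "fn": "burn",      "account": "0xADMIN", "shares": 4000},
]

def find_unbacked_redemptions(events, max_gap_blocks=5):
    """Flag burns that redeem admin-minted shares within max_gap_blocks of the mint."""
    backed = defaultdict(int)     # shares an account obtained by depositing assets
    unbacked = defaultdict(list)  # FIFO lots [mint_block, shares] created by adminMint
    alerts = []
    # sorted() is stable, so the original order inside one block is preserved
    for ev in sorted(events, key=lambda e: e["block"]):
        acct, n = ev["account"], ev["shares"]
        if ev["fn"] == "deposit":
            backed[acct] += n
        elif ev["fn"] == "adminMint":
            unbacked[acct].append([ev["block"], n])
        elif ev["fn"] == "burn":
            # Ordinary withdrawals consume deposit-backed shares first
            from_backed = min(n, backed[acct])
            backed[acct] -= from_backed
            remaining = n - from_backed
            while remaining and unbacked[acct]:
                lot = unbacked[acct][0]
                used = min(remaining, lot[1])
                lot[1] -= used
                remaining -= used
                if ev["block"] - lot[0] <= max_gap_blocks:
                    alerts.append({"account": acct, "mint_block": lot[0],
                                   "burn_block": ev["block"], "shares": used})
                if lot[1] == 0:
                    unbacked[acct].pop(0)
    return alerts

def repeat_offenders(alerts, threshold=2):
    """Accounts that repeated the mint-then-redeem cycle at least threshold times."""
    counts = defaultdict(int)
    for a in alerts:
        counts[a["account"]] += 1
    return {acct: c for acct, c in counts.items() if c >= threshold}
```

A monitor of this kind only buys response time; it does not remove the underlying risk of a single deployer key being able to upgrade vaults and mint shares.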

ConcentricFi issued a warning, urging users to refrain from interacting with the protocol due to the ongoing security incident. The Concentric team has initiated an investigation and committed to providing a post-mortem report with a plan to address the identified vulnerability.

The announcement of the breach had an immediate impact on the market, with Concentric.fi (CONE) prices experiencing a sharp decline of 60% and trading at $0.7571.
