
Concentric app suffers $1.7m social engineering hack on Arbitrum

crypto.news, 22 January 2024 15:42 UTC

The liquidity manager app Concentric experienced a significant security breach today on the Arbitrum network.

The breach involved a social engineering attack that enabled the unauthorized acquisition of a critical private key. This key belonged to the protocol’s deployment account and was instrumental in the attack.

During the incident, the perpetrator managed to manipulate the protocol by upgrading the vaults and creating new liquidity provider (LP) tokens. This series of actions ultimately led to the extraction of assets from the vaults.

Exploiter is now targeting approvals on vaults, please revoke all approvals to these addresses: https://t.co/3vTEWu23BJ https://t.co/KlZo5PqjlI

— Concentric.fi (@ConcentricFi) January 22, 2024

The breach was executed by gaining control of an employee’s deployer wallet on Arbitrum. The $1.7 million in stolen funds were converted into Ethereum and dispersed across three wallet addresses. Cybersecurity company Cyvers detected and reported suspicious activities following the incident, raising concerns within the decentralized finance community.

🚨ALERT🚨Our AI system has detected multiple suspicious transactions involving $ARB on @ConcentricFi.

The attacker gained control of @ConcentricFi through social engineering tactics.
Subsequently, stolen funds were converted to $ETH and distributed across three distinct EOA.
The… pic.twitter.com/TW6pT0ES3H

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) January 22, 2024

Further investigation into the attack revealed intriguing connections. Blockchain security firm CertiK identified a link between the wallet used in this breach and another involved in a previous exploit of the OKX decentralized exchange in December. This connection suggests the possibility of the same individual or group orchestrating both attacks.

Liquidity management protocols, such as the one employed by Concentric, have gained traction in the DeFi sector. These protocols help in setting price boundaries and managing liquidity pools within decentralized exchanges.

Their rise in popularity can be traced back to the introduction of the concentrated liquidity feature by Uniswap in 2021. This feature enables liquidity providers to define specific price ranges for asset trading, adding complexity to liquidity provision and thereby increasing reliance on management protocols for asset handling.
