
Arbitrum-Based ConcentricFi Hit by $1.8M Security Breach

by BSCN

January 22, 2024


The attacker used a "social engineering attack" to compromise the private key for the protocol's deployer account, then used that key to upgrade vaults, mint new LP tokens, and drain assets from the vaults.

ConcentricFi, a decentralized finance platform on the Arbitrum network, has confirmed a substantial security breach resulting in losses totaling approximately $1.8 million.

The attacker employed a "social engineering attack" to compromise the private key for the protocol's deployer account. Subsequently, the compromised key was utilized to execute actions such as upgrading the vaults, minting new LP tokens, and draining the vaults of their assets, according to statements from the ConcentricFi team.

In response to the breach, ConcentricFi advised users to revoke approvals from all vault addresses listed in the protocol's documents.

Connection With OKX Exploiter

According to blockchain security platform CertiK, over $1.8 million has been lost in the attack so far. The attacking wallet has been linked to a wallet involved in the OKX decentralized exchange exploit on December 13, suggesting a potential connection between the two incidents.

Using a Concentric contract's adminMint function, the attacker minted CONE-1 tokens and then used the "burn" function to redeem these tokens for AlgebraPool funds. This process was repeated multiple times, allowing the attacker to acquire various ERC-20 tokens, which were later exchanged for Ether.
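The mint-then-burn cycle described above can be caught by a monitor that tracks which vault shares were issued against a deposit and alerts when shares with no deposit behind them are redeemed. The following is an added example, not code from ConcentricFi or CertiK; the record layout, the `deposit` function name and all addresses are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed, already-decoded vault calls (not real chain data). The record
# layout, the "deposit" name and every address are assumptions for this sketch;
# only adminMint and burn are named in the article.
SAMPLE_CALLS = [
    {"block": 100, "caller": "0xUSER_A", "fn": "deposit", "shares": 500},
    {"block": 120, "caller": "0xUSER_B", "fn": "deposit", "shares": 300},
    {"block": 130, "caller": "0xUSER_A", "fn": "burn", "shares": 200},
    {"block": 200, "caller": "0xDEPLOYER", "fn": "adminMint", "shares": 9000},
    {"block": 201, "caller": "0xDEPLOYER", "fn": "burn", "shares": 9000},
    {"block": 202, "caller": "0xDEPLOYER", "fn": "adminMint", "shares": 4000},
    {"block": 203, "caller": "0xDEPLOYER", "fn": "burn", "shares": 4000},
    {"block": 210, "caller": "0xUSER_B", "fn": "burn", "shares": 300},
]


def find_unbacked_redemptions(calls):
    """Flag accounts that redeem shares created by adminMint instead of a deposit.

    Assumes adminMint credits the caller. Returns
    {address: {"cycles": int, "unbacked_shares": int}}.
    """
    backed = defaultdict(int)    # shares each account received for deposits
    unbacked = defaultdict(int)  # shares each account received from adminMint
    alerts = {}
    for call in sorted(calls, key=lambda c: c["block"]):
        who, fn, amount = call["caller"], call["fn"], call["shares"]
        if fn == "deposit":
            backed[who] += amount
        elif fn == "adminMint":
            unbacked[who] += amount
        elif fn == "burn":
            # Spend deposit-backed shares first so ordinary withdrawals by an
            # account that also holds admin-minted shares are not flagged early.
            from_backed = min(amount, backed[who])
            backed[who] -= from_backed
            from_unbacked = min(amount - from_backed, unbacked[who])
            unbacked[who] -= from_unbacked
            if from_unbacked:
                entry = alerts.setdefault(who, {"cycles": 0, "unbacked_shares": 0})
                entry["cycles"] += 1
                entry["unbacked_shares"] += from_unbacked
    return alerts


if __name__ == "__main__":
    for address, info in find_unbacked_redemptions(SAMPLE_CALLS).items():
        print(address, info)
```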

ConcentricFi issued a warning, urging users to refrain from interacting with the protocol due to the ongoing security incident. The Concentric team has initiated an investigation and committed to providing a post-mortem report with a plan to address the identified vulnerability.

The announcement of the breach had an immediate impact on the market, with Concentric.fi (CONE) prices experiencing a sharp decline of 60% and trading at $0.7571.
