Arbitrum-Based ConcentricFi Hit by $1.8M Security Breach

ConcentricFi, a decentralized finance platform on the Arbitrum network, has confirmed a substantial security breach resulting in losses totaling approximately $1.8 million.

The attacker employed a "social engineering attack" to compromise the private key for the protocol's deployer account. Subsequently, the compromised key was utilized to execute actions such as upgrading the vaults, minting new LP tokens, and draining the vaults of their assets, according to statements from the ConcentricFi team.

In response to the breach, ConcentricFi advised users to revoke approvals from all vault addresses listed in the protocol's documents.

‍

Connection With OKX Exploiter

According to blockchain security platform CertiK, over $1.8 million has been lost in the attack so far. The attacking wallet has been linked to a wallet involved in the OKX decentralized exchange exploit on December 13, suggesting a potential connection between the two incidents.

Utilizing a Concentric contract's adminMint function, the attacker minted CONE-1 tokens and then used the "burn" function to redeem these tokens for AlgebraPool funds. This process was repeated multiple times, allowing the attacker to acquire various ERC-20 tokens later exchanged for Ether.

ConcentricFi issued a warning, urging users to refrain from interacting with the protocol due to the ongoing security incident. The Concentric team has initiated an investigation and committed to providing a post-mortem report with a plan to address the identified vulnerability.

The announcement of the breach had an immediate impact on the market, with Concentric.fi (CONE) prices experiencing a sharp decline of 60% and trading at $0.7571.