Concentric Confirms $1.6M Private Key Breach on Arbitrum Protocol

By Hassan Shittu, Cryptonews.com journalist


The liquidity manager app Concentric has fallen victim to a private key compromise on the Arbitrum network. In a post on its official X account, the protocol confirmed the incident and said the breach resulted from a targeted social engineering attack on one of its team members with access to the deployer wallet. The compromise gave the attacker unauthorized access to the protocol, which was then exploited.

According to a report from the blockchain security firm CertiK, the attack has resulted in a loss exceeding $1.6 million. Also, the attacking wallet has been linked to the one involved in the OKX decentralized exchange exploit on December 13, suggesting a potential connection between the two incidents.

The attack began with a sophisticated social engineering attack that compromised the deployer wallet, a critical component of the Concentric Protocol’s infrastructure. Although the vaults had been audited, they were upgradable, which left the protocol exposed once the deployer key was in the attacker's hands. The attacker used this feature to upgrade the vaults, mint new LP tokens, and drain the vaults’ assets.

In the attack on Concentric, the exploiter wallet called the adminMint function on a Concentric contract to mint CONE-1 tokens, then called “burn” to redeem those tokens for funds from the AlgebraPool. This process was repeated multiple times, yielding various ERC-20 tokens that were then swapped for Ether.
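The mint-then-burn cycle described above leaves a trace in ERC-20 Transfer logs that a monitor can look for. The Python sketch below is an added example, not code from Concentric or CertiK: it assumes the vault contract is itself the share token and that a genuine deposit moves another token into the vault in the same transaction, and every address, hash and amount in it is constructed.

```python
TRANSFER = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"  # Transfer(address,address,uint256)
ZERO = "0x" + "00" * 20

def addr(topic):                             # 32-byte indexed topic -> 20-byte address
    return "0x" + topic[-40:].lower()

def decode_transfer(log):
    """Return (token, sender, recipient, amount) for an ERC-20 Transfer log, else None."""
    t = log["topics"]
    if len(t) != 3 or t[0] != TRANSFER:      # ERC-721 Transfer has 4 topics; skip it
        return None
    return log["address"].lower(), addr(t[1]), addr(t[2]), int(log["data"], 16)

def find_unbacked_mint_burns(logs, vault):
    """logs must be in chain order. Returns {address: [(tx, shares_burned), ...]}."""
    vault, txs = vault.lower(), {}
    for log in logs:
        if (ev := decode_transfer(log)):
            txs.setdefault(log["tx"], []).append(ev)
    unbacked, findings = {}, {}
    for tx, events in txs.items():
        # Assumption: a genuine deposit moves some other token into the vault in the same tx.
        deposited = any(tok != vault and to == vault for tok, _, to, _ in events)
        for tok, frm, to, amt in events:
            if tok != vault:
                continue
            if frm == ZERO and not deposited:            # shares minted with nothing paid in
                unbacked[to] = unbacked.get(to, 0) + amt
            elif to == ZERO and unbacked.get(frm, 0):    # those shares redeemed for assets
                used = min(amt, unbacked[frm])
                unbacked[frm] -= used
                findings.setdefault(frm, []).append((tx, used))
    return findings

# Constructed sample data: addresses, hashes and amounts are made up for illustration.
VAULT, TOKEN, USER, MINTER = ("0x" + b * 20 for b in ("aa", "bb", "11", "ee"))

def mk(tx, token, frm, to, amount):          # build one raw log entry
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"tx": tx, "address": token, "topics": [TRANSFER, pad(frm), pad(to)], "data": hex(amount)}

SAMPLE_LOGS = [
    mk("0xa1", TOKEN, USER, VAULT, 1000), mk("0xa1", VAULT, ZERO, USER, 1000),    # normal deposit
    mk("0xb1", VAULT, ZERO, MINTER, 5000),                                        # mint, no deposit
    mk("0xb2", VAULT, MINTER, ZERO, 5000), mk("0xb2", TOKEN, VAULT, MINTER, 900), # burn and payout
    mk("0xb3", VAULT, ZERO, MINTER, 3000), mk("0xb4", VAULT, MINTER, ZERO, 3000), # cycle repeats
    mk("0xa2", VAULT, USER, ZERO, 1000), mk("0xa2", TOKEN, VAULT, USER, 1000),    # normal withdrawal
]
print(find_unbacked_mint_burns(SAMPLE_LOGS, VAULT))
```

A hit is a lead for review rather than proof: a vault whose deposits route assets straight to the pool would need the pool address added to the deposit check.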

Concentric Launches Investigation with Security Researchers After Breach, Promises Post-Mortem Report and Remediation Plan

Concentric’s team has initiated an investigation and enlisted security researchers to help analyze the incident, identify the exploiters, and implement measures to prevent future occurrences. The protocol pledged to provide a post-mortem report outlining the vulnerability and a plan to address it.

Furthermore, Concentric aims to maintain transparency and keep the community informed and engaged in the recovery process by offering this detailed report. The team is committed to resolving the issue and restoring the integrity of the Concentric Protocol on Arbitrum. Users are advised to stay informed about updates from Concentric regarding the incident and its resolution.

“We sincerely apologize for the inconvenience and distress this incident has caused. Our team is fully committed to resolving this issue, implementing enhanced security measures, and restoring the integrity of the Concentric protocol. We appreciate your support and understanding during this difficult time.”

Also, Concentric has urged its users to revoke approvals from all vault addresses, providing a list in the protocol’s documents to facilitate this process.

Security Breaches Continue to Plague Liquidity Protocols; ConcentricFi and Gamma Strategies Among Latest Victims

This year has witnessed security breaches targeting liquidity protocols, with Concentric being the latest victim of an attack on the Arbitrum network.

Earlier this year, Gamma Strategies, another liquidity protocol, experienced an attack resulting in a $3.4 million loss. This breach was attributed to smart contract vulnerabilities related to inconsistencies in accounting mechanisms for depositing and withdrawing funds. Attackers exploited this vulnerability to withdraw many tokens, although Gamma Strategies’ vaults are designed to guard against flash loans.

The attack on Gamma Strategies utilized a different method, and there is no apparent connection between the two incidents.

Liquidity management protocols have gained popularity for decentralized exchanges (DEX) since Uniswap introduced its “concentrated liquidity” feature in 2021. This feature allows liquidity providers to set minimum and maximum prices for their assets in DEX pools, making liquidity provision more complex. Users turned to management protocols to handle their assets, contributing to the increased adoption of these protocols.
