A Hacker Compromises Concentric’s Deployment Account, Resulting in a Loss of Over $1.8 Million
Concentric, a liquidity management application on the Arbitrum blockchain, has fallen victim to a major attack. After compromising the deployment account’s private key through a social engineering attack, a hacker used that access to drain funds from Concentric’s chests.
Attack Details and Precautions
The attacker exploited the adminMint functionality of a Concentric contract to create CONE-1 tokens, then exchanged these tokens for assets in the AlgebraPool. Repeating this process multiple times let the attacker accumulate various ERC-20 tokens, which were later converted into Ether (ETH).
As a result of this attack, over $1.8 million has been stolen, according to a report from blockchain security platform Cyvers. The attacker’s wallet is believed to be linked to the one used in the OKX decentralized exchange hack in December, suggesting a possible connection between the two incidents.
The Concentric team is committed to resolving this issue and restoring the protocol’s integrity. They have also advised users to revoke approvals granted to the addresses of their chests on the protocol.
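For the advice to revoke approvals, an added example (not Concentric's code or tooling): it replays ERC-20 Approval event logs to list the approvals a wallet has granted, and not yet revoked, to a set of spender addresses. The addresses and log entries are constructed placeholders, and the log dict shape is an assumption modelled on an eth_getLogs result with numeric fields already decoded.

```python
# keccak256("Approval(address,address,uint256)"): the standard ERC-20 Approval topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner, spenders):
    """Replay Approval logs in chain order; return {(token, spender): amount}
    for each non-zero approval `owner` last granted to a watched spender."""
    owner, watched, state = owner.lower(), {s.lower() for s in spenders}, {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but four topics (indexed tokenId).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        spender = topic_to_address(topics[2])
        if topic_to_address(topics[1]) != owner or spender not in watched:
            continue
        key, amount = (log["address"].lower(), spender), int(log["data"], 16)
        if amount == 0:
            state.pop(key, None)  # approve(spender, 0) revokes
        else:
            state[key] = amount   # latest approval replaces earlier ones
    return state

# Constructed sample data: placeholder addresses, not real contracts or wallets.
USER, CHEST, OTHER = "0x" + "aa" * 20, "0x" + "c1" * 20, "0x" + "0d" * 20
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20

def _log(token, owner, spender, amount, block, index):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(amount), "blockNumber": block, "logIndex": index}

SAMPLE_LOGS = [
    _log(TOKEN_A, USER, CHEST, 2**256 - 1, 100, 0),  # unlimited approval, never revoked
    _log(TOKEN_B, USER, CHEST, 500, 101, 3),         # revoked by the next entry
    _log(TOKEN_B, USER, CHEST, 0, 105, 1),           # revocation
    _log(TOKEN_A, USER, OTHER, 42, 106, 0),          # spender not on the watch list
]

if __name__ == "__main__":
    for (token, spender), amount in outstanding_approvals(SAMPLE_LOGS, USER, [CHEST]).items():
        print(f"revoke: token={token} spender={spender} allowance={amount}")
```

The result is a candidate list: transferFrom can reduce an allowance without emitting Approval, so confirm each entry with the token's allowance(owner, spender) call and revoke with approve(spender, 0).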
Context of Liquidity Managers
Liquidity management protocols, like Concentric, play a crucial role in setting minimum and maximum prices and rebalancing liquidity pools on decentralized exchanges (DEXs). Their popularity has grown since Uniswap introduced the concentrated liquidity feature in 2021, which made liquidity provisioning more complex and led some users to turn to management protocols for asset management.