Categories
News

Concentric.fi On Arbitrum Falls Victim To $1.7M Social Engineering Attack

Concentric Fi, operating on the Arbitrum network, has incurred substantial losses exceeding $1.7 million due to a targeted social engineering attack. 

The breach exploited a vulnerability in the protocol, stemming from unauthorized access gained through a sophisticated attack on one of the team members overseeing the deployer wallet.

The compromise of the deployer wallet resulted from a well-executed social engineering attack, ultimately triggering the exploit within the protocol. 

Despite having audited vaults, the vulnerability arose from the protocol’s capacity to undergo upgrades.

Leveraging this functionality, the attacker successfully upgraded the vaults, generating new LP tokens, and subsequently depleting the contents of the vaults.

The attack involved modifying the implementation contract of the CONE-1 proxy contract. The original ConeCamelotVault contract was replaced with a contract controlled by the attacker.

Additionally, the admin of adminMint() was added as the attacker, identified by the address 0x105f52fcC329cEF4CBe25BC946f8a3738414E4A1. This manipulation allowed the attacker to mint a significant quantity of LP tokens.

In response to the security breach, Concentric Fi has launched a comprehensive investigation and engaged with security researchers to analyze the incident thoroughly. 

The primary objectives include preventing future damage, identifying the perpetrators behind the exploit, and implementing enhanced security measures to fortify the protocol against potential threats.

This unfortunate incident underscores the persistent challenges faced by DeFi platforms in safeguarding user funds and maintaining the integrity of their protocols.

Disclosure: This is not trading or investment advice. Always do your research before buying any Metaverse crypto coins.