Hack Attack on Liquidity Manager App Concentric Leads to $1.8 Million Loss
Summary:
Concentric, a liquidity management application, has been exploited on Arbitrum platform, leading to a loss of over $1.8 million. The attack was carried out by manipulating vaults and minting new LP tokens. Blockchain security platform, CertiK, suggests the attacker's wallet is linked to a previous decentralized exchange exploit, implying a possibility of the same entity being involved. Concentric's team are working to address this issue and restore the app's integrity. This incident follows a similar attack on another liquidity manager, Gamma Protocol, which led to a loss of nearly $500,000.
The liquidity management application, Concentric, has suffered an attack on its Arbitrum platform, as announced on their official X account. A malefactor carried out a "social engineering attack" to gain access to the app's deploying account private key. Possessing this key allowed them to manipulate vaults, create fresh LP tokens, and subsequently strip the vaults of assets. Concentric is encouraging its users to retract approvals for all vault addresses as listed in the protocols documents, as the attacker is now focusing on approvals.
The blockchain safety platform, Certik, reports that the exploit has amounted to losses surpassing $1.8 million. CertiK links the wallet involved in the attack to the wallet responsible for the OKX decentralized exchange exploit on 13th December, inferring a single entity or group to possibly be behind both actions. The attacker employed the adminMint function to mint 0.001 CONE-1 tokens, before proceeding to "burn" them to extract funds from the AlgebraPool. This cycle was repeated, enabling them to acquire multiple ERC-20 tokens that were later exchanged for Ether (ETH).
The Concentric team has begun an investigation into the incident and assured that a comprehensive report would be submitted at the earliest. This report will outline a strategy to tackle the exposed vulnerability. The team stated their complete dedication to addressing this problem and reinstating the integrity of the Concentric protocol.
Liquidity management protocols streamline decentralized exchanges (DEX) by setting price boundaries and adjusting liquidity pools. These protocols gained traction following the 2021 launch of Uniswap's "concentrated liquidity" feature, which gave liquidity providers the ability to dictate the trading range of their assets. This development complicated liquidity provision, leading some users to use management protocols for handling their assets.
On January 4th, another liquidity manager, Gamma Protocol, was targeted and roughly $500,000 was swiped due to a smart contract vulnerability. The two incidents seem unconnected in terms of the methods utilized during the attacks.
Published At
1/22/2024 7:03:40 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.