ConcentricFi, an Arbitrum-based liquidity management protocol, has officially acknowledged a security breach on its smart contract.
The incident, first reported by blockchain security firm CertiK, caused an estimated $1.6 million in damages.
The exploit targeted ConcentricFi’s vault approvals, prompting the protocol to advise users to revoke all permissions and stop interacting with it.
The security breach was discovered following an alert from CertiK, which assessed the damages based on its analysis of the threat actor’s wallet.
CertiK identified wallet address 0x5A58D1a81c73Dc5f1d56bA41e413Ee5288c65d7F, which was previously linked to the OKX exploit on December 13, 2023, as the most likely culprit in the ConcentricFi breach.
ConcentricFi runs an automated liquidity management platform on the Arbitrum blockchain. Using Camelot v3, the protocol employs an algorithm to direct assets toward high-yield investment opportunities.
Concentric Vaults, a key feature, allows users to deposit liquidity provider (LP) tokens while the protocol maximizes yield through strategic asset reallocation.
The first attack vector was social engineering, in which the threat actor compromised the wallet of a team member with deployer and upgrade privileges.
Using this access, the attacker updated the vault contracts’ code, introducing three ConeCamelotVault contracts.
Malicious code was inserted into these upgraded contracts, allowing for the creation of new LP tokens and the subsequent drain of funds from the vault.
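To act on the revoke advice above, a user first needs to know which token approvals to the vaults are still open. The following is an added example, not code from ConcentricFi or CertiK: it replays ERC-20 `Approval` logs in the shape returned by `eth_getLogs` and reports approvals to flagged spenders that were never reset to zero. All addresses and log entries are constructed placeholders.

```python
# ERC-20 Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC0 = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def topic_to_address(topic):
    """Indexed address topics are 32 bytes, left-padded; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_approvals(logs, owner, flagged_spenders):
    """Return {(token, spender): last_approved_value} for non-zero approvals."""
    owner = owner.lower()
    flagged = {s.lower() for s in flagged_spenders}
    latest = {}
    # Replay in chain order so a later approve(spender, 0) overrides an earlier grant.
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        # ERC-20 Approval has exactly 3 topics; ERC-721 Approval has 4 and is skipped.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC0:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        spender = topic_to_address(topics[2])
        if spender in flagged:
            latest[(log["address"].lower(), spender)] = int(log["data"], 16)
    # This is the last approved value, not the remaining allowance; transferFrom
    # may have spent part of it, so confirm with allowance() before and after revoking.
    return {key: value for key, value in latest.items() if value > 0}

# --- Constructed sample data (placeholder addresses, not from the incident) ---
def _addr(byte): return "0x" + byte * 20
def _topic(addr): return "0x" + "0" * 24 + addr[2:]
def _log(token, owner, spender, value, block, index):
    return {"address": token, "topics": [APPROVAL_TOPIC0, _topic(owner), _topic(spender)],
            "data": "0x" + format(value, "064x"), "blockNumber": hex(block), "logIndex": hex(index)}

OWNER, OTHER = _addr("11"), _addr("22")
TOKEN_A, TOKEN_B = _addr("aa"), _addr("bb")
VAULT_1, VAULT_2, DEX = _addr("c1"), _addr("c2"), _addr("dd")
MAX = 2**256 - 1
SAMPLE_LOGS = [
    _log(TOKEN_A, OWNER, VAULT_1, 0, 0x20, 0),     # later revocation of the grant below
    _log(TOKEN_A, OWNER, VAULT_1, MAX, 0x10, 3),   # unlimited approval, since revoked
    _log(TOKEN_B, OWNER, VAULT_2, 1000, 0x15, 1),  # still open
    _log(TOKEN_B, OWNER, DEX, MAX, 0x16, 0),       # spender not flagged
    _log(TOKEN_B, OTHER, VAULT_2, MAX, 0x17, 0),   # different owner
]

if __name__ == "__main__":
    for (token, spender), value in open_approvals(SAMPLE_LOGS, OWNER, [VAULT_1, VAULT_2]).items():
        print(f"revoke: token={token} spender={spender} approved={value}")
```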