In a January 22 report, the prominent liquidity manager Concentric was hit by a security breach resulting in a loss of substantial amounts. Updating the X community the Concentric regretted that the hackers deployed a social engineering attack to gain unauthorized access to the protocol deployer account.
Following the discovery of the hacking incident, the Concentric team launched a thorough investigation into the matter.
Concentric Suffers Security Breach Leading to $1.8M Losses
In a subsequent report, the probing team noted that the hackers exploited the private keys to gain access to the Concentric protocol. The technical team observed that the hackers took charge of the deployer account and issued commands to the vaults.
The report demonstrated that the hacker also upgraded the vaults to gain access to the funds on these platforms. In the report, the Concentric team lamented that the hackers heisted measurable amounts of funds from the compromised vaults.
Shortly after the hacking incident renowned blockchain analytic firms stepped up in the ongoing investigation to assess the damages and the severity of the security incident. A report from the New York-based blockchain security company CertiK demonstrated that the Concentric security incident impacted a loss of approximately $1.8 million.
After thoroughly assessing the incident CertiK analysts noted that the hackers deployed a similar mechanism to exploit the Concentric just as they did on OKX last December. They noted similarities in the external wallet used by the hackers to drain $2.7 million from the OKX decentralized exchange.
Hackers Preying on Liquidity Management Protocols
The CertiK suspected that the OKX and Concentric hacking incident was caused by the same entity or group. In a separate report, the Concentric team confirmed that after the completion of the ongoing investigations, the probing team will formulate the post-mortem report concerning the hacking incident.
This report will enable the technical team to strengthen the existing security measures. Also, the technical team revealed plans to conduct intense deliberation that will enable Concentric to develop a plan to address the vulnerability.
In the report, the Concentric assured the customers that the matter would soon be resolved. But before then Concentric advised the customers to block approvals on the vault addresses since the hackers managed to compromise the protocol document. Apart from this, the Concentric team noted that the attackers accessed the adminMint function on the Concentric contract to mint 0.001 CONE-1 tokens.
Later the hackers burned the obtained CONE-1 token from the AlgebraPool. They noted that the process of minting and burning CONE-1 tokens was repeated by the hackers severally to obtain ERC-20 tokens.
With the ongoing development in the crypto industry, hackers have been preying on liquidity management protocols that enable the company to select minimum and maximum prices. From 2021 the number of liquidity management protocols has been on the rise.