The liquidity management application Concentric on the Arbitrum network has suffered an exploit, as confirmed by the protocol's official X account. The attackers carried out a social engineering attack to gain access to private keys of the protocol deployer accounts. Using these compromised keys, they managed to upgrade the vault, create new LP tokens, and subsequently drained the assets from the vault.
In response to the attack, Concentric has advised its users to revoke approvals for all vault addresses as listed in their protocol documentation. Blockchain security firm CertiK reported that the exploit resulted in losses exceeding $1.8 million. The firm also noted that the wallet used in this attack has connections to the wallet responsible for the OKX decentralized exchange exploit on December 13, suggesting that the same entity or individuals may be behind both incidents.
The Concentric team is actively investigating the breach and has committed to publishing an autopsy report detailing the incident and their plan to address the vulnerability. They emphasized their dedication to resolving the issue and restoring the integrity of the Concentric protocol.
Liquidity management protocols like Concentric play a crucial role in decentralized exchanges (DEX) by helping set minimum and maximum prices and rebalancing liquidity pools. Their significance has grown since Uniswap introduced its “centralized liquidity” feature in 2021. This feature allows liquidity providers to specify the price range for trading their assets, thus increasing the complexity of liquidity provision and leading many users to rely on management protocols for asset handling.
This incident follows another recent attack on Gamma Protocol, a different liquidity management company, which occurred on January 4. In that exploit, the attackers managed to steal nearly $500,000 through a smart contract vulnerability. However, the methods used in the Gamma Protocol and Concentric attacks were different, and there appears to be no direct connection between the two incidents.
