An attacker used a “social engineering attack” to compromise the protocol’s deployer private key, which was then used to mint tokens and burn them drain funds.
Liquidity manager app Concentric has been exploited on Arbitrum, according to the protocol’s official X account. The attacker used a “social engineering attack” to compromise the private key for the protocol’s deployer account, which was then used to “upgrade the vaults, mint new LP tokens, and subsequently drain the vaults of their assets,” the team stated.
Concentric is urging users to revoke approvals from all vault addresses, which they list in the protocol’s documents.
The Concentric team said they have initiated an investigation and will issue a post-mortem report as soon as possible. In the report, the team will provide a plan to address the vulnerability. “Our team is fully committed to resolving this issue and restoring the integrity of the Concentric protocol,” Concentric stated.
Read more
Source: https://cointelegraph.com/news/concentric-liquidity-manager-exploited-private-key-hack