Archived tweet

Tweet by ConcentricFi:

We regret to inform you that our protocol has suffered a severe security breach due to a targeted social engineering attack on one of our team members holding the deployer wallet. This unfortunate incident led to unauthorized access and subsequent exploitation of our protocol. What Happened? - The Attack Vector: The exploit was initiated through a social engineering attack compromising the deployer wallet. - The Exploit: Despite having audited vaults, our protocol was vulnerable as these vaults were upgradable. The attacker leveraged this feature to upgrade the vaults, mint new LP tokens, and subsequently drain the vaults of their assets. Immediate Actions Taken: 1. Security Measures: We have initiated a thorough investigation and have contacted some security researchers, to analyze the breach and prevent future damage and identify the exploiters. 2. Communication: We are committed to transparency and will release a detailed post-mortem report soon. This report will provide in-depth insights into the incident and our plan to address the vulnerabilities. 3. Community Support: We understand the gravity of the situation and its impact on our users. We are exploring all possible options to mitigate the losses and safeguard our community's interests. We sincerely apologize for the inconvenience and distress this incident has caused. Our team is fully committed to resolving this issue and restoring the integrity of the Concentric protocol. We appreciate your support and understanding during this difficult time. The Concentric Team Tweeted at 8:08 AM · Jan 22, 2024