Join the hunt for $12,000,000+ in NEXO Tokens!

Learn More

Concentric’s $1.8 million exploiter is tied to OKX and LunaFi incidents, CertiK reports

On-chain data shows that the exploiter’s wallets were funded by addresses connected to three notorious security incidents.

Concentric.Fi’s $1.8M attacker is tied to OKX and LunaFi incidents, reports CertiK

Share this article

Concentric Finance’s exploiter is linked to OKX, UnoRe, and LunaFi’s security incidents, reveals a report published by blockchain security firm CertiK on Jan. 22. The ties were uncovered when CertiK identified a wallet used by Concentric’s exploiter that was funded by addresses tied to OKX and UnoRe attacks.

In a Jan. 22 post on X (formerly Twitter), liquidity manager Concentric warned users to avoid interactions with the protocol after identifying a security incident. CertiK identified a suspicious wallet minting CONE-1 LP tokens and using them to drain liquidity from the pools.

Concentric later confirmed that the breach stemmed from a compromised private key of an admin wallet. The attacker transferred ownership to a wallet addressed as 0x3F06, which then initiated the creation of malicious liquidity pools under their control.

Concentric.Fi’s $1.8M attacker is tied to OKX and LunaFi incidents, reports CertiK

This maneuver allowed the attackers to mint an excessive number of LP tokens and withdraw ERC-20 tokens from the protocol. These tokens were then exchanged for Ethereum (ETH) and dispersed across three wallets, one of which is publicly identified as associated with the OKX exploit in Etherscan.

In a sophisticated chain of transactions, almost $2 million was stolen, ranking this as the ninth-largest attack in crypto this month. Notably, one of the wallets, 0xc62A25462A61f02EBAB35Cd39C5E9651426e760b, was instrumental in redirecting user-approved funds from Concentric contracts, converting them to ETH and transferring them to another wallet, accounting for more than $154,000 of the total stolen funds.

Concentric.Fi’s $1.8M attacker is tied to OKX and LunaFi incidents, reports CertiK

Concentric announced a $100,000 bounty pool for any information leading to the recovery of the funds, and its services are halted for an undetermined period. However, investors are still waiting for information regarding how the protocol will respond to this breach and what measures will be taken to prevent future incidents.

The threat of compromised private keys

In its ‘Hack3d: The Web3 Security Report’ published Jan. 3, CertiK highlights private key compromises as the most profitable method for exploiters. Six of the ten most costly security incidents throughout 2023 were due to private key compromises, with the total amount stolen from Web3 platforms totaling $880.8 million.

Simultaneously, this attack vector was the least used by hackers in 2023, which might serve as an example of how costly these exploits caused by private key compromises could be.

Share this article