Concentric Immediate Post-Mortem

Concentric Security Breach Post-Mortem Report

Overview of the Incident

Concentric experienced a significant security breach stemming from a social engineering attack. This incident severely compromised our operational integrity and led to a considerable financial loss, deeply affecting our community's trust and the overall stability of our protocol.

Initial Breach and Attack Methodology

The breach originated with a targeted social engineering attack against a team member, with access to the deployer wallet. The attacker, posing as a recruiter on a professional networking platform, skillfully gained the trust of our team member. This led to the installation of malware under the guise of a routine skill assessment, which compromised the team member’s computer and, critically, the private keys of the deployer wallet.

Exploitation and Impact

Having obtained access to the deployer wallet, the attacker executed a series of calculated actions:

Financial Loss and Transaction Details

The attacker drained a total of 715.7 ETH worth of assets, equating to approximately $1.7 million, from our vaults. The initial drainage occurred through this address:

Subsequently, the funds were distributed among three different wallets: (Tagged OKX Exploiter 2)

Efforts for Fund Recovery and Security Enhancement

In light of the recent breach, our team at Concentric is fully committed to recovering the stolen funds. Recognizing the complexity and sophistication of this attack, we have sought the expertise and counsel of several top-tier security experts and they are assisting us in tracing the stolen assets and exploring all possible avenues for their recovery. In addition, we are leveraging blockchain analytics to track the movement of the stolen funds and have contacted top exchanges like Binance, OKX and others to flag the exploiters’ addresses.

We’re working with the relevant authorities and we’re announcing a 100k reward pool for any information that could lead to the recovery of the funds. If you have any information, any lead that could help us in this situation, please reach out. Your insight could be the key to recovering the funds and safeguarding others in our community. We assure you that your help will be valued and your privacy respected.

Subscribe to Concentric Finance
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
This entry has been permanently stored onchain and signed by its creator.