# Concentric Immediate Post-Mortem

By [Concentric Finance](https://paragraph.com/@concentrictreasury) · 2024-01-22

---

**Concentric Security Breach Post-Mortem Report**

**Overview of the Incident**

Concentric experienced a significant security breach stemming from a social engineering attack. This incident severely compromised our operational integrity and led to a considerable financial loss, deeply affecting our community's trust and the overall stability of our protocol.

**Initial Breach and Attack Methodology**

The breach originated with a targeted social engineering attack against a team member who had access to the deployer wallet. The attacker, posing as a recruiter on a professional networking platform, skillfully gained the trust of our team member. This led to the installation of malware under the guise of a routine skill assessment, which compromised the team member’s computer and, critically, the private keys of the deployer wallet.

**Exploitation and Impact**

Having obtained access to the deployer wallet, the attacker executed a series of calculated actions:

*   Transfer of Contract Ownership: The attacker shifted the ownership of the ConeCamelotFactory, a vital contract in our ecosystem, from its original address to a new, attacker-controlled address. [https://arbiscan.io/tx/0xd9036566a2614045219e9bead34e490fc24c9d6ca695d5348b694c3280558e3b](https://arbiscan.io/tx/0xd9036566a2614045219e9bead34e490fc24c9d6ca695d5348b694c3280558e3b)

*   Upgrading the Vaults: Utilizing their newfound control, the attacker upgraded the existing vaults’ implementation to a new contract. This new contract was embedded with an admin mint function. [https://arbiscan.io/tx/0xb2fa31c9bc7d5e41955cb81224545588c1a0746b8564f14a2e143dc56364020a](https://arbiscan.io/tx/0xb2fa31c9bc7d5e41955cb81224545588c1a0746b8564f14a2e143dc56364020a)

*   Minting and Draining: The admin mint function was then exploited to mint new LP tokens illegitimately. This action allowed the attacker to drain the assets from the vaults effectively. New owner: [https://arbiscan.io/address/0x105f52fcc329cef4cbe25bc946f8a3738414e4a1](https://arbiscan.io/address/0x105f52fcc329cef4cbe25bc946f8a3738414e4a1)
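
The three steps above each leave an on-chain event that can be monitored and correlated. The Python below is an added example, not Concentric's code: it assumes the factory and vaults emit OpenZeppelin-style `OwnershipTransferred` and `Upgraded` events and that LP mints appear as ERC-20 `Transfer` events from the zero address. All addresses, contract labels and allowlists in it are constructed placeholders.

```python
# Added example: correlate decoded events into the takeover chain
# (ownership transfer -> implementation upgrade -> mint).
ZERO = "0x" + "00" * 20
DEPLOYER, UNKNOWN = "0x" + "11" * 20, "0x" + "22" * 20   # constructed
OLD_IMPL, NEW_IMPL = "0x" + "33" * 20, "0x" + "44" * 20  # constructed
USER = "0x" + "55" * 20                                  # constructed

# Constructed sample of already-decoded events, not real chain data.
SAMPLE_EVENTS = [
    {"block": 100, "contract": "factory", "event": "OwnershipTransferred",
     "args": {"previousOwner": DEPLOYER, "newOwner": UNKNOWN}},
    {"block": 101, "contract": "vault-1", "event": "Upgraded",
     "args": {"implementation": NEW_IMPL}},
    {"block": 102, "contract": "vault-1", "event": "Transfer",
     "args": {"from": ZERO, "to": UNKNOWN, "value": 10**24}},
    {"block": 103, "contract": "vault-2", "event": "Transfer",
     "args": {"from": ZERO, "to": USER, "value": 5}},  # ordinary deposit mint
]

def detect_takeover(events, approved_owners, approved_impls):
    """Return (severity, block, contract, reason) alerts in block order."""
    alerts = []
    rogue_owners = set()  # new owners that are not on the allowlist
    tainted = set()       # contracts upgraded to an unreviewed implementation
    for ev in sorted(events, key=lambda e: e["block"]):
        args, contract = ev["args"], ev["contract"]
        if ev["event"] == "OwnershipTransferred":
            if args["newOwner"].lower() not in approved_owners:
                rogue_owners.add(args["newOwner"].lower())
                alerts.append(("high", ev["block"], contract,
                               "owner changed to unapproved address"))
        elif ev["event"] == "Upgraded":
            if args["implementation"].lower() not in approved_impls:
                tainted.add(contract)
                alerts.append(("high", ev["block"], contract,
                               "upgrade to unreviewed implementation"))
        elif ev["event"] == "Transfer" and args["from"] == ZERO:
            # A mint is only escalated when it follows an earlier red flag.
            if contract in tainted or args["to"].lower() in rogue_owners:
                alerts.append(("critical", ev["block"], contract,
                               "mint after unapproved upgrade or owner change"))
    return alerts

if __name__ == "__main__":
    for alert in detect_takeover(SAMPLE_EVENTS, {DEPLOYER}, {OLD_IMPL}):
        print(alert)
```

The first two alerts fire before any mint happens, which is the window in which a pause or a timelocked upgrade path would still have protected the vaults.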
    

**Financial Loss and Transaction Details**

The attacker drained a total of 715.7 ETH worth of assets, equating to approximately $1.7 million, from our vaults. The initial drainage occurred through this address: [https://arbiscan.io/address/0x105f52fcc329cef4cbe25bc946f8a3738414e4a1](https://arbiscan.io/address/0x105f52fcc329cef4cbe25bc946f8a3738414e4a1)

Subsequently, the funds were distributed among three different wallets:

[https://arbiscan.io/address/0xfd681a9aa555391ef772c53144db8404aec76030](https://arbiscan.io/address/0xfd681a9aa555391ef772c53144db8404aec76030)

[https://arbiscan.io/address/0x1f14e38666cdd8e8975f9acc09e24e9a28fbc42d](https://arbiscan.io/address/0x1f14e38666cdd8e8975f9acc09e24e9a28fbc42d) (Tagged OKX Exploiter 2)

[https://arbiscan.io/address/0x17865c33e40814d691663bc292b2f77000f94c34](https://arbiscan.io/address/0x17865c33e40814d691663bc292b2f77000f94c34)

**Efforts for Fund Recovery and Security Enhancement**

In light of the recent breach, our team at Concentric is fully committed to recovering the stolen funds. Recognizing the complexity and sophistication of this attack, we have sought the expertise and counsel of several top-tier security experts, who are assisting us in tracing the stolen assets and exploring all possible avenues for their recovery. In addition, we are leveraging blockchain analytics to track the movement of the stolen funds and have contacted top exchanges like Binance, OKX and others to flag the exploiters’ addresses.

We’re working with the relevant authorities and we’re announcing a 100k reward pool for any information that could lead to the recovery of the funds. If you have any information, any lead that could help us in this situation, please reach out. Your insight could be the key to recovering the funds and safeguarding others in our community. We assure you that your help will be valued and your privacy respected.

---

*Originally published on [Concentric Finance](https://paragraph.com/@concentrictreasury/concentric-immediate-post-mortem)*
