Concentric.Fi was compromised after a targeted social-engineering attack against a team member led to malware installation and exposure of the deployer wallet's private keys. The attacker used the resulting ownership access to upgrade Cone pool contracts with a malicious version containing an adminMint function, then minted illegitimate LP tokens and drained CONE-1 from vaults while the project coordinated tracing and exchange notifications.