By
Mayowa Adebajo
May 20th, 2024
Seneca has initiated an investigation in collaboration with specialists to delve into the recent exploit. The hacker returned 1,537 ETH, valued at approximately $5.3 million and kept another 300 ETH.
The Seneca stablecoin protocol experienced a significant exploit, resulting in a loss exceeding $6 million across the Ethereum and Arbitrum networks. The exploit stemmed from a flaw in the protocol’s smart contract approval mechanisms, which enabled an unidentified attacker to redirect funds.
Security analysts from Blocksec identified the root cause as an “arbitrary call issue” within Seneca’s smart contracts. Unlike conventional protocols, Seneca’s contracts lacked a mechanism for pausing operations, relying instead on users to revoke permissions. The hacker transferred the stolen assets, totaling over 1,900 ETH ($6 million), from the project’s contract to external addresses controlled by the attacker.
The Seneca team promptly acknowledged the incident and advised users to revoke any previously granted permissions to mitigate the risk of additional unauthorized transactions.
Seneca operates as a decentralized finance platform enabling users to mint and borrow its stablecoin, senUSD, against various crypto assets, employing a collateralized debt position mechanism. Following the exploit, the Seneca token experienced a significant decline, plummeting by over 60% from approximately $0.1 to below $0.04.
Hacker Returns Funds After Seneca Offers Bounty
Seneca has initiated an investigation in collaboration with specialists to delve into the recent exploit. Additionally, the project has put forth a bounty of $1.2 million for the restitution of the pilfered funds. In a message conveyed on-chain on February 29, Seneca extended an offer to the hacker, proposing the return of 80% of the misappropriated funds to a specified Ethereum address, allowing the hacker to retain the remaining 20%.
Expressing cooperation with security firms and law enforcement agencies to track the funds, Seneca urged the hacker to refund the assets promptly to avert potential legal repercussions. Following Seneca’s message, the hacker returned approximately 1,537 ETH, valued at approximately $5.3 million, to the designated wallet address. The exploiter opted to retain 300 ETH, approximately $1 million in value and accepted the 20% bounty as offered by Seneca, subsequently transferring the ETH to two distinct addresses.
Crypto exploits have been increasing recently as the crypto market rally continues. Earlier this month, the decentralized crypto exchange (DEX) FixedFloat encountered a significant exploit, resulting in a loss exceeding $26.1 million in Bitcoin and Ethereum. The incident occurred on Sunday, February 18th, as reported.
Beginning on February 17th, numerous users lodged complaints regarding stalled transactions and missing funds on the exchange’s platform. Subsequent analysis of on-chain data indicates that on February 18th, the attacker absconded with 409 Bitcoin (BTC) valued at roughly $21 million and over 1,728 Ether (ETH) worth nearly $5 million.