In a recent cyber heist, a hacker exploited a vulnerability in the Seneca stablecoin protocol, making off with over $6 million worth of Ether. However, the story took a surprising turn when the hacker returned most of the stolen funds after receiving a bounty offer from the project.
The exploit, which occurred on February 28, affected both the Ethereum and Arbitrum networks. The hacker exploited an “arbitrary call issue,” allowing them to divert funds from users who had approved the Seneca smart contract to interact with their tokens. Security experts from CertiK and Blocksec identified the root cause of the breach.
#CertiKSkynetAlert 🚨
We are seeing an exploit on @SenecaUSD
Exploiter has stolen at least ~$3m worth of assets
All users should revoke the following addresses
0xbc83f2711d0749d7454e4a9d53d8594df0377c05
0x2d99e1116e73110b88c468189aa6af8bb4675ec9 pic.twitter.com/iVhDhGwUc8— CertiK Alert (@CertiKAlert) February 28, 2024
Seneca, aiming to provide a decentralized and scalable stablecoin solution, did not have a pause function in its contracts, making it challenging to stop the exploit. The project estimated the total loss at 1,900 Ether or about $6.4 million.
#PeckShieldAlert @SenecaUSD hacker-labeled address has returned 1,537 $ETH (worth ~$5.3m) to #Seneca: Deployer address & transferred 300 $ETH (~$1.04m) to 2 new addresses pic.twitter.com/hNOFMr1aTk
— PeckShieldAlert (@PeckShieldAlert) February 29, 2024
Hacker Returns 1,537 ETH to Seneca, Keeps 300 ETH
In an effort to recover the stolen funds, Seneca offered the hacker a 20% bounty, or $1.2 million, to return the rest of the money. The hacker agreed and returned 1,537 Ether, or about $5.3 million, to the Seneca team. The hacker kept 300 Ether, or about $1 million, as the bounty.
We're happy to see 80% of funds have been returned.
Transaction link: https://t.co/VzqCvt24pF
The exploit involved assets held in users' wallets. The exploit didn't involve funds directly deposited into Seneca (Seneca's TVL).
The recovery of funds through a whitehat request…
— Seneca (@SenecaUSD) February 29, 2024
The Seneca team is now collaborating with security firms and law enforcement agencies to track the hacker and prevent further attacks. They are also taking measures to enhance the security and audit of their protocol.
The Seneca token (SEN) experienced a sharp decline in price following the exploit, losing more than 59.3% of its value in a day. It is currently trading at $0.036, down 58% in the last 24 hours.
This incident underscores the risks and challenges of decentralized finance (DeFi) protocols. Users are advised to exercise caution and due diligence when interacting with smart contracts and DeFi platforms.
Interested In Getting The “Learn2Trade Experience?”Join Us Here
[xyz-ihs snippet="Markets"]Learn to Trade
Never Miss A Trade Again
Signal Notification
Real-time signal notifications whenever a signal is opened, closes or Updated
Get Alerts
Immediate alerts to your email and mobile phone.
Entry Price Levels
Entry price level for every signal Just choose one of our Top Brokers in the list above to get all this free.
