The Seneca Protocol hacker has given back $5.3 million worth of Ether tokens after draining $6.4 million on Ethereum and Arbitrum networks. Initial investigations suggested that an approval mechanism bug in the protocolās smart contract was exploited.
The stablecoin protocol had recently confirmed roping in with law enforcement but offered leniency, stating the team wouldnāt take legal steps if the hacker returned 80% of the funds, keeping 20% as a reward.
The vulnerability stemmed from a function in the Seneca protocolās smart contract code called āperformOperations.ā This function, open to external calls, lacked adequate validation for its inputs.
The absence of input validation is a critical oversight in smart contract development. Exploiting this flaw, the attacker crafted specific data to trigger conditions, enabling them to invoke any contract on the blockchain with arbitrary data.
This capability grants the attacker unrestricted access to interact with other contracts, masquerading as vulnerable ones. As a result, the attacker proceeded to transfer assets from addresses authorized to the now-compromised contracts.
Crypto security researcher Daniel Von Fange discovered the flaw and was allegedly expelled from the projectās Discord server, where the team was removing mentions of the exploit.
According to Peck Shieldās latest update, the exploiter sent 1,537 Ethereum to a Seneca address, which is the main address connected to the exploit. The hacker retained 300 ETH, worth approximately $1 million, and received the 20% reward offered by Seneca. Subsequently, they transferred the ETH to two separate addresses.
Seneca Protocol suffered a massive breach on February 28th that resulted in its native token SEN extending 80% losses in a day. Initially, losses were estimated to be around 3 million, but further investigation revealed that over 1,900 Ether, worth around $6.4 million, were stolen in the exploit.
Later, Seneca issued a statement that it is collaborating with experts to investigate the exploit. The protocol then announced a reward of $1.2 million for the recovery of the stolen funds.
Seneca confirmed in an official update on Wednesday that 80% of the funds have been successfully returned. It said that the exploit primarily targeted assets held in usersā wallets, clarifying that Senecaās own funds were not directly affected.
Instead, the exploit focused on external user assets within the Seneca ecosystem.
The post Seneca Recovers 80% of Funds After $6.4M Exploit appeared first on CryptoPotato.
The stablecoin protocol had recently confirmed roping in with law enforcement but offered leniency, stating the team wouldnāt take legal steps if the hacker returned 80% of the funds, keeping 20% as a reward.
Seneca Hacker Returns 80% of Stolen Funds
The vulnerability stemmed from a function in the Seneca protocolās smart contract code called āperformOperations.ā This function, open to external calls, lacked adequate validation for its inputs.
The absence of input validation is a critical oversight in smart contract development. Exploiting this flaw, the attacker crafted specific data to trigger conditions, enabling them to invoke any contract on the blockchain with arbitrary data.
This capability grants the attacker unrestricted access to interact with other contracts, masquerading as vulnerable ones. As a result, the attacker proceeded to transfer assets from addresses authorized to the now-compromised contracts.
Crypto security researcher Daniel Von Fange discovered the flaw and was allegedly expelled from the projectās Discord server, where the team was removing mentions of the exploit.
According to Peck Shieldās latest update, the exploiter sent 1,537 Ethereum to a Seneca address, which is the main address connected to the exploit. The hacker retained 300 ETH, worth approximately $1 million, and received the 20% reward offered by Seneca. Subsequently, they transferred the ETH to two separate addresses.
Seneca Protocol suffered a massive breach on February 28th that resulted in its native token SEN extending 80% losses in a day. Initially, losses were estimated to be around 3 million, but further investigation revealed that over 1,900 Ether, worth around $6.4 million, were stolen in the exploit.
Later, Seneca issued a statement that it is collaborating with experts to investigate the exploit. The protocol then announced a reward of $1.2 million for the recovery of the stolen funds.
Senecaās Confirmation
Seneca confirmed in an official update on Wednesday that 80% of the funds have been successfully returned. It said that the exploit primarily targeted assets held in usersā wallets, clarifying that Senecaās own funds were not directly affected.
Instead, the exploit focused on external user assets within the Seneca ecosystem.
The post Seneca Recovers 80% of Funds After $6.4M Exploit appeared first on CryptoPotato.
![[DK]](/data/avatars/s/57/57999.jpg?1720990206){kind=avatar}
