WEB3

Seneca Protocol Hacker Returns Over $5.3 Million After $6.4 Million Theft

by BSCN

February 29, 2024

chain

Blockchain security firm CertiK identified a critical vulnerability in the protocol's smart contract, enabling the attacker to siphon over 1,900 Ether.

A hacker exploited the Seneca stablecoin protocol on Feb. 28, making off with a staggering $6.4 million worth of Ether (ETH). However, recent developments reveal a surprising twist to the unfolding story, as the hacker returns over $5 million after accepting an offer to keep 20% of the stolen funds.

Uncovering The Exploit

On February 28th, blockchain security firms sounded the alarm bells after discovering an exploit within the Seneca stablecoin protocol. 

Initial estimations placed the losses at $3 million, but further investigation unveiled a much larger sum: over 1,900 Ether, valued at approximately $6.4 million, had been siphoned from the protocol.

Security analysts at CertiK identified a critical "call" vulnerability within the protocol's smart contract, allowing the attacker to execute external calls to any address. Meanwhile, Seneca detected an "approval bug" within its system and initiated collaboration with security specialists to probe the exploit further. 

The Negotiation

In a surprising turn, Seneca extended an offer to the hacker, dubbed "Whitehat," proposing the return of 80% of the stolen funds to an Ethereum address while permitting the hacker to retain 20%. The protocol aslo urged users to revoke approvals associated with six wallet addresses across Ethereum and Arbitrum networks.

Following Seneca's plea, the hacker agreed by returning 1,537 ETH, equivalent to over $5.3 million. However, the exploiter transferred 300 ETH, approximately $1.04 million, to two new wallet accounts, constituting around 20% of the total stolen funds.

Disclaimer

Disclaimer: The views expressed in this article do not necessarily represent the views of BSCNews. The information provided in this article is for educational and informational purposes only and should not be construed as investment advice. BSCNews assumes no responsibility for any investment decisions made based on the information provided in this article

;