Seneca Protocol Hacker Returns Over $5.3 Million After $6.4 Million Theft

by BSC News

February 29, 2024


Blockchain security firm CertiK identified a critical vulnerability in the protocol's smart contract, enabling the attacker to siphon over 1,900 Ether.

A hacker exploited the Seneca stablecoin protocol on Feb. 28, making off with a staggering $6.4 million worth of Ether (ETH). However, recent developments reveal a surprising twist to the unfolding story, as the hacker returns over $5 million after accepting an offer to keep 20% of the stolen funds.

Uncovering The Exploit

On February 28th, blockchain security firms sounded the alarm bells after discovering an exploit within the Seneca stablecoin protocol. 

Initial estimations placed the losses at $3 million, but further investigation unveiled a much larger sum: over 1,900 Ether, valued at approximately $6.4 million, had been siphoned from the protocol.

Security analysts at CertiK identified a critical "call" vulnerability within the protocol's smart contract, allowing the attacker to execute external calls to any address. Meanwhile, Seneca detected an "approval bug" within its system and initiated collaboration with security specialists to probe the exploit further. 

The Negotiation

In a surprising turn, Seneca extended an offer to the hacker, dubbed "Whitehat," proposing the return of 80% of the stolen funds to an Ethereum address while permitting the hacker to retain 20%. The protocol aslo urged users to revoke approvals associated with six wallet addresses across Ethereum and Arbitrum networks.

Following Seneca's plea, the hacker agreed by returning 1,537 ETH, equivalent to over $5.3 million. However, the exploiter transferred 300 ETH, approximately $1.04 million, to two new wallet accounts, constituting around 20% of the total stolen funds.

Related News