Seneca Stablecoin Hacker Returns $6.4M After Exploit

The Seneca stablecoin protocol experienced a severe exploit, with the hacker gaining access to over $6.4 million worth of digital assets.

A protocol for stablecoins, Seneca has offered a 20% bounty to the individual who exploited a vulnerability in the protocol’s smart contract, granting them access to at least $6.5 Million worth of digital assets.

On February 28, several blockchain security companies brought to light the vulnerability that was impacting the stablecoin system. Companies like CertiK alerted consumers to revoke authorization from an address on both the Ethereum and Arbitrum networks simultaneously.

Initially, experts estimated the losses at $3 million, however, they later discovered that the exploit had led to the theft of over 1,900 Ether (ETH), equivalent to over $6.4 million.

Security specialists at CertiK explained that the attacker exploited a severe “call” vulnerability in the smart contract of the protocol. The attacker was able to make calls to any address from outside using this vulnerability.

Furthermore, the project contracts did not include a code that would have allowed the team to enter a “pause” while working on it. As a result, users are required to provide permissions to others.

Seneca Team Investigates Hack

According to the Seneca team, they are currently conducting an investigation and working with specialists to determine what took place. The group offered a $1.2 million reward for the safe return of the funds that had been taken.

The team sent an on-chain message on February 29, requesting the hacker to return 80% of the cash taken to an Ethereum address, allowing the hacker to keep 20% of the funds.

Within the communication, the Seneca team stated that they are working with law enforcement and security firms to track down the funds.

The team strongly recommended that the hacker return the money to avoid legal repercussions. We respectfully request that you return the cash promptly to prevent further legal action.

The hacker returned approximately 1,537 ETH, equivalent to about $5.3 million, to the wallet address supplied by the Seneca team. This occurred many hours after the team’s message.

The exploiter took the 20% prize provided by the team. The exploiter kept 300 ETH, which is approximately worth one million dollars. To further his scheme, the exploiter moved the ETH to two separate addresses.