Stablecoin protocol Seneca faced a critical breach, with at least $6.4 million in digital assets exposed due to a protocol smart contract approval mechanism flaw.
Blockchain security firms, including CertiK, flagged the exploit on Feb. 28, prompting warnings to users to retract approvals on Ethereum and Arbitrum networks. Initial loss projections stood at $3 million, but over 1,900 ETH, valued at approximately $6.4 million, were compromised.
Seneca attacker’s wallet showing about $3 million in Ether. Source: CertiK
The exploit was attributed to a critical “call” vulnerability in the protocol's smart contract, allowing external calls to any address. The absence of a pause mechanism in the project's contracts necessitated user permission revocation.
Seneca initiated investigations with specialists and extended a $1.2 million bounty for fund recovery. In an on-chain message on Feb. 29, Seneca requested the hacker to return 80% of the stolen funds to a designated Ethereum address, with the hacker retaining 20%.
Seneca team’s on-chain message to the exploiter. Source: Seneca
Following Seneca's appeal, the hacker returned approximately 1,537 ETH, equivalent to around $5.3 million, to the specified wallet address. Retaining 300 ETH, valued at about $1 million, the hacker accepted the 20% bounty before transferring the ETH to two different addresses.
The swift response led to the return of a portion of the stolen funds, showcasing efforts to mitigate losses and address vulnerabilities. However, the incident underscores the ongoing challenges in securing decentralized protocols against exploitation.
In this article, I propose adding a liquidity or milestone-based dimension to enhance and improve upon the existing token vesting schedule models we most commonly observe today.
JinseFinanceThe recent hacking of CertiK's X account highlights the escalating threat of phishing in the blockchain space, underscoring the need for heightened vigilance and robust security measures.
EdmundThrough statistics and analysis of security incidents in the Web3.0 field over the past year, the latest trends in Web3.0 security are fully revealed.
JinseFinanceStablecoin issuers Circle and Tether have blacklisted over half of the stolen funds, according to available information.
BeincryptoMetis, an Ethereum layer-2 platform, warns users not to buy METIS on the BNB Blockchain days after the PolyNetwork was hacked and $5.5 million of assets stolen.
BitcoinistNorway completed its record-high crypto seizure, confiscating approximately $5.9 million worth of digital assets.
cryptopotatoThe community criticized the airdrop announced by the AllianceBlock team.
BeincryptoThe notorious North Korean hacker collective known as Lazarus has had a busy weekend moving millions of dollars in Ethereum.
cryptopotatoBabylon’s founder said several liquidity pools and BABL tokens price were severely impacted, which contributed to the decision.
Coindesk
Nulltx