Seneca, a stablecoin protocol, is offering a 20% reward to the individual who exploited a bug in its smart contract and gained access to over $6.4 million in digital assets. The exploit was flagged by multiple blockchain security firms on February 28, with CertiK warning users to revoke approvals from an address on the Ethereum and Arbitrum networks. Initially, it was estimated that the losses amounted to $3 million, but it was later discovered that over 1,900 Ether, equivalent to $6.4 million, had been taken.
According to security analysts at CertiK, the exploit occurred due to a critical vulnerability in the protocol’s smart contract, which allowed the attacker to perform external calls to any address. Joe Green, the head of CertiK’s quick response team, emphasized the importance of paying attention to external calls, especially when upgrading contracts. He explained that while a contract may be secure during its deployment, it can break in certain instances, leading to unexpected vulnerabilities.
Seneca is currently working with specialists to investigate the incident and has offered a $1.2 million bounty for the return of the stolen funds. In an on-chain message, Seneca requested the hacker to return 80% of the funds to an Ethereum address, allowing them to keep the remaining 20%. The protocol stated that it is collaborating with security providers and law enforcement to trace the funds, urging the hacker to act promptly to avoid legal consequences.
Following Seneca’s message, the hacker returned approximately 1,537 ETH, worth around $5.3 million, to the specified wallet address. They kept 300 ETH, worth approximately $1 million, and accepted the 20% bounty offered by Seneca. The exploiter then transferred the remaining ETH to two different addresses.
$6.4M exploit prompts Seneca stablecoin hacker to return stolen funds