Seneca stablecoin hacker returns stolen funds after $6.4M exploit

Stablecoin protocol Seneca has offered a 20% bonus to exploits that have found at least $6.4 million worth of digital assets after exploiting a validation mechanical flaw in the protocol's smart contract.

In the year Companies such as CertiK have warned of the exploit, urging them to revoke approvals from addresses on the Ethereum and Arbitrum networks. Initial estimates of the losses were $3 million, but it was later revealed that $6.4 million, worth more than 1,900 Ether (ETH), was taken from the exploit.

Security analysts at Certike explained that the exploit was caused by a critical “call” vulnerability in the protocol's smart contract. This vulnerability allowed an attacker to make outbound calls to any address.

Additionally, the project's contracts lacked code that allowed the team to “pause” on it. As a result, users must revoke permissions.

Related: Shido Token Drops 94% As Explosive Breaks Ethereum Stock Contract

Seneca said he is working with specialists to investigate what happened. He also offered a $1.2 million reward to recover the stolen funds. In a chain message on February 29, Seneca demanded that the hacker return 80% of the stolen funds to an Ethereum address, allowing the hacker to keep 20%.

In the message, Seneca said it was working with security providers and law enforcement to trace the money. He urged the hacker to return the money to avoid legal consequences. “Prompt action is critical, so we respectfully request that you refund the money as soon as possible to avoid further legal action,” he wrote.

Hours after Seneca's message, the hacker returned approximately 1,537 ETH worth $5.3 million to Seneca's specified wallet address. The exploiter grabbed 300 ETH, around $1 million, and received a 20% bonus offered by Seneca. The exploit then transferred the ETH to two different addresses.

Magazine: Diffie's Billion Dollar Secret: Insiders Responsible for Hacking