On February 28th, multiple blockchain security firms raised red flags regarding an exploit detected on the stablecoin protocol, prompting warnings from companies like c urging users to revoke approvals on the Ethereum and Arbitrum networks. Initially estimated at $3 million, the losses from the exploit surged to over 1,900 Ether, equating to roughly $6.4 million.
Security analysts at CertiK attributed the exploit to a critical vulnerability in the protocol’s smart contract that enabled the attacker to execute external calls to any address. Furthermore, because there was no code allowing the team to pause the project’s contracts, users had to revoke permissions manually.
In response, Seneca, the affected project, initiated investigations with specialists to discern the events leading to the exploit. They also announced a $1.2 million bounty for the return of stolen funds and implored the hacker, through an on-chain message, to return 80% of the funds to avoid legal repercussions. However, the hacker returned only a portion of the stolen funds before transferring the remaining amount to other addresses.