Hacker Returns Stolen Funds After Seneca Stablecoin Protocol Offers 20% Reward
Summary:
Seneca, a stablecoin protocol, rewarded a hacker with 20% of the stolen funds after an approval mechanism bug compromise led to unauthorized extraction of $6.4 million in digital assets. With initial estimates putting losses at $3 million, it emerged that the attacker had taken over 1,900 Ether (ETH) due to a "call" vulnerability. With the lack of a "pause" function on the project's contracts, the Seneca team worked with experts and law enforcement, offered a $1.2 million reward, and urged the hacker to return 80% of the stolen wealth. Following this appeal, the hacker returned about 1,537 ETH (approximately $5.3 million) to the designated wallet address, retaining 300 ETH (around $1 million) and effectively accepting Seneca's offered reward.
Seneca, a stablecoin protocol, has proposed a 20% reward to the individual who manipulated an approval mechanism glitch in the protocol's smart contract, leading to the unauthorized access and subtraction of digital assets worth roughly $6.4 million. On February 28, blockchain security organizations pointed out the manipulation on the stablecoin protocol, with firms such as CertiK advising users to cancel approvals from a specific address on the Ethereum and Arbitrum grids. Initially, the financial impact was believed to be $3 million, but further investigation uncovered that over 1,900 Ether (ETH) totaling around $6.4 million was removed through the loophole. CertiKSecurity's security experts explained that the manipulation occurred due to a serious "call" vulnerability in the protocol's smart contract that permitted the perpetrator to make exterior calls to any address. What's more, the project's contracts lacked a “pause” feature. This meant that users needed to withdraw permissions on their own. The Seneca team is working with experts to unravel the situation and has proffered a $1.2 million reward for the recoupment of the pilfered funds. On February 29, through an on-chain message, the Seneca team implored the hacker to return 80% of the stolen assets to a specified Ethereum address, sanctioning the hacker to retain the remainder 20% of the funds. Maintaining communication with security professionals and law enforcement in tracing the funds, the team encouraged speedy repayments to circumvent any potential legal repercussions. Not long after Seneca's message, the hacker was spotted returning approximately 1,537 ETH, an equivalent of nearly $5.3 million, to Seneca's designated wallet address. The hacker held onto 300 ETH valued at around $1 million, which implies acceptance of the 20% reward proposed by the team. The remaining Ether was then dispersed into two separate addresses.
Published At
2/29/2024 11:25:50 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.