Overview
The hacker who exploited a bug in the Seneca stablecoin protocol, gaining access to around $6.4 million in ETH, has returned over $5 million to the project after accepting a 20% bounty offered by Seneca.
Exploit Details
The exploit, flagged by blockchain security firms on Feb. 28, involved an approval mechanism bug in Seneca's smart contract, allowing the attacker to perform external calls to any address. Initial estimates suggested losses of $3 million, but the exploit resulted in over 1,900 Ether being taken.
#CertiKSkynetAlert 🚨
We are seeing an exploit on @SenecaUSD
Exploiter has stolen at least ~$3m worth of assets
All users should revoke the following addresses
0xbc83f2711d0749d7454e4a9d53d8594df0377c05
0x2d99e1116e73110b88c468189aa6af8bb4675ec9
— CertiK Alert (@CertiKAlert) February 28, 2024
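As an added illustration of the revocation step the alert asks for (not code from CertiK or Seneca): an ERC-20 approval is cleared by calling approve(spender, 0) on the token contract. The sketch below builds that calldata, plus the allowance() query used to confirm it, for the two addresses in the alert; the owner and token addresses are constructed placeholders, and signing and sending are left to the wallet.

```python
import re

APPROVE_SELECTOR = "095ea7b3"    # approve(address,uint256)
ALLOWANCE_SELECTOR = "dd62ed3e"  # allowance(address,address)

# Spender addresses copied from the CertiK alert quoted above.
FLAGGED_SPENDERS = [
    "0xbc83f2711d0749d7454e4a9d53d8594df0377c05",
    "0x2d99e1116e73110b88c468189aa6af8bb4675ec9",
]
# Constructed placeholders, not real accounts: the page does not list
# the token contracts, so substitute the tokens you actually approved.
OWNER = "0x" + "11" * 20
TOKEN = "0x" + "22" * 20

_ADDR = re.compile(r"0x[0-9a-fA-F]{40}")

def _word(address):
    """Left-pad a 20-byte hex address to one 32-byte ABI word."""
    if not _ADDR.fullmatch(address):
        raise ValueError(f"not a 20-byte hex address: {address!r}")
    return address[2:].lower().rjust(64, "0")

def revoke_calldata(spender):
    """Calldata for token.approve(spender, 0), which clears the allowance."""
    return "0x" + APPROVE_SELECTOR + _word(spender) + "0" * 64

def allowance_calldata(owner, spender):
    """Calldata for the read-only token.allowance(owner, spender) query."""
    return "0x" + ALLOWANCE_SELECTOR + _word(owner) + _word(spender)

def is_revoked(allowance_result):
    """True when an eth_call result for allowance() decodes to zero."""
    raw = allowance_result[2:] if allowance_result.startswith("0x") else allowance_result
    if len(raw) != 64:
        raise ValueError("expected one 32-byte word")
    return int(raw, 16) == 0

def revoke_plan(owner, token):
    """One check/revoke pair per flagged spender, all sent to `token`."""
    _word(token)  # validate the token address before building anything
    return [{"to": token, "spender": s,
             "check": allowance_calldata(owner, s),
             "revoke": revoke_calldata(s)} for s in FLAGGED_SPENDERS]

if __name__ == "__main__":
    for step in revoke_plan(OWNER, TOKEN):
        print(step["spender"], step["revoke"])
```

A non-zero allowance() result for any flagged spender means the approval is still live and the matching revoke transaction has not yet taken effect.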
Seneca's Response
Seneca offered a $1.2 million bounty for the return of the stolen funds and urged the hacker to return 80% of the funds to an Ethereum address specified by Seneca, allowing the hacker to keep 20%. Seneca stated that it is working with specialists, security providers, and law enforcement to trace the funds.
Hacker's Return
Following Seneca's message, the hacker returned about 1,537 ETH, worth around $5.3 million, to the specified wallet address. The hacker kept 300 ETH, worth around $1 million, and accepted the 20% bounty. The hacker then transferred the remaining ETH to two different addresses.
Conclusion
The swift action taken by Seneca, along with the hacker's decision to return a majority of the stolen funds, highlights the importance of security measures and collaboration within the crypto community to mitigate the impact of exploits and protect users' assets.
We are actively working with security specialists to investigate the approval bug found today.
In the meantime, REVOKE approvals for the following addresses: #Ethereum
PT-ezETH 0x529eBB6D157dFE5AE2AA7199a6f9E0e9830E6Dc1
apxETH 0xD837321Fc7fabA9af2f37EFFA08d4973A9BaCe34…
— Seneca (@SenecaUSD) February 28, 2024