Seneca Hacker Returns $5.3M Amid Legal Threats, Keeps $1M Bounty
Seneca Hacker Returns $5.3M Amid Apt Threats, Retains $1M Bounty
After exploiting a vulnerability within the Seneca protocol on Wednesday, a hacker returned $5.3 million in stolen funds to the mission on February 29.
The returned amount represents 80% of the reported $6.4 million stolen funds.
The hacker agreed to get a 20% bounty, amounting to $1.28 million, as recognition for identifying the vulnerability all around the neat contract.
Seneca Hacker Brings in 300 ETH
Blockchain safety firm Peckshield reported on X (previously Twitter) that the whole Seneca funds returned is 1,537 ETH.
#PeckShieldAlert @SenecaUSD hacker-labeled tackle has returned 1,537 $ETH (value ~$5.3m) to #Seneca: Deployer tackle & transferred 300 $ETH (~$1.04m) to 2 unusual addresses pic.twitter.com/hNOFMr1aTk
— PeckShieldAlert (@PeckShieldAlert) February 29, 2024
The hacker reportedly transferred 20% of the total loot, amounting to 300 ETH, to 2 diverse crypto wallet addresses. This amount serves as the reward promised by the Seneca team for discovering the malicious program within the mission’s neat contract framework.
Dear Whitehat,
Please return the funds to the next Ethereum wallet tackle: 0xb7aF0Aa318706D94469d8d851015F9Aa12D9c53a
We’re participating with third-occasion safety companies and laws enforcement to tag the funds and title recipient wallets. Performing promptly is… pic.twitter.com/syIQQXHJSQ
— Seneca (@SenecaUSD) February 29, 2024
This construction marks a well-known step towards mitigating the influence of the exploit, with the Seneca team commending the collaboration with the hacker. The blockchain mission lauded the Seneca funds returned through a white hat query as an “optimistic downside” by the blockchain mission.
The team provided additional insights and published that the exploit focused customers’ wallets. Importantly, the hacker couldn’t receive admission to funds straight deposited into the mission, which used to be its whole value locked (TVL).
No topic Halborn Security’s audit of the Chamber Code neat contract sooner than its deployment, a essential oversight used to be stumbled on all around the section of the code managing customers’ wallets, which is why the exploit used to be no longer all-encompassing and most efficient affected a bit of its protocol.
We’re entirely joyful to peer 80% of funds were returned.
Transaction hyperlink: https://t.co/VzqCvt24pF
The exploit involved sources held in customers’ wallets. The exploit did not enjoy funds straight deposited into Seneca (Seneca’s TVL).
The restoration of funds through a whitehat query…
— Seneca (@SenecaUSD) February 29, 2024
The blockchain mission stated that it’s aloof gathering files on the exploit and must aloof release a submit-mortem update within the approaching days.
Seneca Exploit, What Came about?
Seneca is a decentralized finance (DeFi) protocol that enables customers to stake the native token $SEN to originate variable quantities of yields on them.
PeckShield Inc. first noticed the assault, revealing a essential approval malicious program within the Seneca protocol.
Hello @SenecaUSD We hang confirmed the essential approval malicious program in Seneca protocol that enables to take funds from approving customers.
Please revoke your approvals from the next addresses:
– eth: 0xbc83f2711d0749d7454e4a9d53d8594df0377c05
-arb:… https://t.co/bIG72A65Wl pic.twitter.com/cuOf9gobga— PeckShield Inc. (@peckshield) February 28, 2024
It also successfully-known that this approval malicious program would enable hackers to take customers’ funds as the neat contract used to be no longer ‘pausable’ despite the proven reality that the potential used to be there.
Seneca revoked the highlighted addresses and educated the hacker that it used to be working with safety operatives and laws enforcement brokers to trace down the stolen funds.
Dear Whitehat,
Please return the funds to the next Ethereum wallet tackle: 0xb7aF0Aa318706D94469d8d851015F9Aa12D9c53a
We’re participating with third-occasion safety companies and laws enforcement to tag the funds and title recipient wallets. Performing promptly is… pic.twitter.com/syIQQXHJSQ
— Seneca (@SenecaUSD) February 29, 2024
Crypto losses hang develop into a trendy staple within the commerce, alternatively. PeckShield Alert’s anecdote successfully-known over 600 major malicious assaults in 2023, ensuing in roughly $2.61 billion in losses. Handiest $674.9 million out of the losses were recovered.
#PeckShieldAlert 2023 noticed 600+ major hacks within the crypto explain, ensuing in ~$2.61B in losses, with $674.9M recovered.
$1.51B lost to hacks (excluding #Multichain unauthorized withdrawals) & $1.1B to scams. This marks a 27.78% lower from 2022. #DeFi protocols remained prime… pic.twitter.com/G7PIU3WyrX— PeckShieldAlert (@PeckShieldAlert) January 29, 2024
Hacks accounted for $1.51 billion in losses, excluding the Multichain community unauthorized withdrawals of roughly $200 million. Crypto scams resulted in a loss of $1.1 billion.
The total losses recorded marked a 27.78% lower from that of 2022. Meanwhile, DeFi-facing protocols were the major targets of crypto hacks and scams, with 67% of whole losses coming from that ecosystem.
Source : cryptonews.com