Exploit Leads to $6 Million Loss on Seneca Stablecoin Protocol
A stablecoin protocol called Seneca recently experienced an exploit that resulted in a loss of over $6 million on the Ethereum and Arbitrum networks.
The exploit was traced back to an issue within Seneca’s smart contract approval mechanisms, which allowed attackers to divert funds.
Root Cause Identified by Security Analysts
Blocksec, a team of security analysts, identified the root cause of the breach as an “arbitrary call issue” within Seneca’s smart contracts.
Unlike other protocols, Seneca’s contracts did not include code that would allow the team to pause them, so users had to revoke permissions themselves. The arbitrary call issue enabled the attacker to make unauthorized transfers of tokens from the project’s contract to an external address under the attacker’s control.
The stolen assets amount to more than 1,900 ETH ($6 million).
“The root cause was an arbitrary call issue, hence approvals to the vulnerable contract can be transferred out,” explained Blocksec CTO Lei Wu.
Seneca Team Acknowledges Incident
The Seneca team acknowledged the incident and advised users to revoke previously granted permissions in order to prevent further unauthorized transactions.
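The link between the arbitrary call issue and the advice to revoke can be seen in a toy model of token allowances. This is an added example, not Seneca's code or anything published by Blocksec; the ledger, the ForwardingContract class, and all account names and amounts are constructed assumptions.

```python
# Added illustration: a toy ledger, not Seneca's code. All names and amounts are constructed.

class Token:
    """Minimal ERC-20 style ledger: balances plus (owner, spender) allowances."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        # The token only checks that the caller holds an allowance from owner.
        allowed = self.allowances.get((owner, caller), 0)
        if amount > allowed or amount > self.balances.get(owner, 0):
            raise PermissionError("insufficient allowance or balance")
        self.allowances[(owner, caller)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class ForwardingContract:
    """Hypothetical contract that forwards any caller-chosen call unchecked."""
    address = "vulnerable_contract"

    def perform(self, target, method, *args):
        # The target sees this contract, not the real requester, as the caller.
        return getattr(target, method)(self.address, *args)


def exposure(token, owner, spender):
    """Amount a spender could still move: min(balance, allowance)."""
    return min(token.balances.get(owner, 0), token.allowances.get((owner, spender), 0))


def demo():
    token, contract = Token({"alice": 100, "bob": 50}), ForwardingContract()
    for owner, amount in (("alice", 100), ("bob", 50)):
        token.approve(owner, contract.address, amount)
    at_risk = exposure(token, "alice", contract.address)
    token.approve("alice", contract.address, 0)  # alice revokes; bob does not
    outcome = {}
    for owner in ("alice", "bob"):
        try:
            contract.perform(token, "transfer_from", owner, "third_party", token.balances[owner])
            outcome[owner] = "moved"
        except PermissionError:
            outcome[owner] = "blocked"
    return at_risk, outcome, token.balances
```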
About Seneca Stablecoin Protocol
Seneca is a decentralized finance project that allows users to mint and borrow its stablecoin, senUSD, using other crypto assets as collateral. This mechanism is known as a collateralized debt position (CDP).
Token Value Plummets Following Exploit
Following the exploit, the value of the Seneca token plummeted by over 60%, dropping from approximately $0.1 to under $0.04.
Hot Take: Seneca Stablecoin Protocol Suffers Major Loss in Exploit
A stablecoin protocol called Seneca recently fell victim to an exploit that resulted in a loss of more than $6 million. The exploit was due to an issue within the protocol’s smart contract approval mechanisms, which allowed attackers to divert funds. Security analysts identified the root cause as an “arbitrary call issue” within Seneca’s smart contracts. Unlike other protocols, Seneca’s contracts did not have code to pause them, so users had to revoke permissions themselves. As a result, the attacker made unauthorized transfers of tokens from the project’s contract to their own address. The Seneca team acknowledged the incident and urged users to revoke permissions to prevent further unauthorized transactions. The exploit caused the value of the Seneca token to drop by over 60%.