Seneca Hacker Returns $5.3M Amid Legal Threats, Keeps $1M Bounty

Author: CoinSense

After exploiting a vulnerability in the Seneca protocol on Wednesday, a hacker returned $5.3 million in stolen funds to the project on February 29.

The returned amount represents 80% of the reported $6.4 million stolen funds.

The hacker agreed to accept a 20% bounty, amounting to $1.28 million, as recognition for identifying the vulnerability within the smart contract.

Seneca Hacker Brings in 300 ETH

Blockchain security firm Peckshield reported on X (formerly Twitter) that the total Seneca funds returned is 1,537 ETH.

The hacker reportedly transferred 20% of the overall loot, amounting to 300 ETH, to two different crypto wallet addresses. This amount serves as the reward promised by the Seneca team for finding the bug in the project’s smart contract framework.

This development marks a significant step towards mitigating the impact of the exploit, with the Seneca team commending the collaboration with the hacker. The blockchain project lauded the Seneca funds returned through a white hat request as an “optimistic scenario” by the blockchain project.

The team provided further insights and revealed that the exploit targeted users’ wallets. Importantly, the hacker couldn’t access funds directly deposited into the project, which was its total value locked (TVL).

Despite Halborn Security’s audit of the Chamber Code smart contract prior to its deployment, a critical oversight was discovered within the segment of the code managing users’ wallets, which is why the exploit was not all-encompassing and only affected a section of its protocol.

The blockchain project stated that it’s still gathering information on the exploit and will release a post-mortem update in the coming days.

Seneca Exploit, What Happened?

Seneca is a decentralized finance (DeFi) protocol that allows users to stake the native token $SEN to earn variable amounts of yields on them.

PeckShield Inc. first noticed the attack, revealing a critical approval bug in the Seneca protocol.

It also noted that this approval bug would allow hackers to steal users’ funds as the smart contract was not ‘pausable’ even though the capacity was there.

Seneca revoked the highlighted addresses and informed the hacker that it was working with security operatives and law enforcement agents to track down the stolen funds.

Crypto losses have become a normal staple in the industry, however. PeckShield Alert’s report noted over 600 major malicious attacks in 2023, resulting in roughly $2.61 billion in losses. Only $674.9 million out of the losses were recovered.

Hacks accounted for $1.51 billion in losses, excluding the Multichain network unauthorized withdrawals of roughly $200 million. Crypto scams resulted in a loss of $1.1 billion.

The total losses recorded marked a 27.78% decrease from that of 2022. Meanwhile, DeFi-facing protocols were the principal targets of crypto hacks and scams, with 67% of total losses coming from that ecosystem.