Hacker of Seneca stablecoin returns pilfered funds following $6.4M breach

Seneca, a stablecoin protocol, is offering a 20% reward to the person who managed to access over $6.4 million in digital assets by exploiting a bug in the protocol’s smart contract. Various blockchain security firms, including CertiK, discovered the exploit and warned users to revoke approvals on the Ethereum and Arbitrum networks. Initially, the estimated losses were $3 million, but it was later found that over 1,900 Ether (ETH) equivalent to $6.4 million had been taken. CertiK explained that the exploit occurred due to a critical vulnerability in the smart contract, allowing the attacker to make external calls to any address. CertiK’s Joe Green emphasized the importance of paying attention to external calls, especially during contract upgrades. Seneca is currently working with specialists to investigate the incident and has offered a $1.2 million reward for the return of the stolen funds. In an on-chain message, Seneca requested the hacker to return 80% of the funds to an Ethereum address, allowing them to keep the remaining 20%. Seneca also stated that it is collaborating with security providers and law enforcement to trace the funds and urged the hacker to act promptly to avoid legal consequences. The hacker subsequently returned around 1,537 ETH, worth approximately $5.3 million, to the specified wallet address while keeping 300 ETH and accepting the 20% bounty. The exploiter then transferred the ETH to two different addresses.