Seneca Protocol, a decentralized finance (DeFi) lending platform and stablecoin issuer, has fallen victim to an exploit, resulting in estimated losses of $6.4 million. The incident, reported on Feb. 28 via the protocol’s official X account, has raised concerns among users and security experts.
According to a report by blockchain analytics firm CertiK, the exploit allowed an account ending in 42DC to transfer approximately 1,385.23 Pendleton Kelp restaked Ether (PT Kelp rsETH) from a Seneca collateral pool. This was achieved by calling the “performOperations” function, enabling the attacker to swap these tokens for approximately $4 million worth of Ether (ETH). Subsequent transactions involved the transfer of additional ETH derivative tokens from various collateral pools, which were also swapped for ETH.
CertiK identified a critical flaw in the protocol’s “performOperations” function, which allowed the attacker to execute external calls to any address with controlled callData. This vulnerability enabled the unauthorized draining of funds from collateral pools not owned by the attacker, resulting in substantial losses.
Blockchain investigator Spreek highlighted the exploit’s severity and advised users to revoke approvals of the addresses involved in the attack. Additionally, security researcher ddimitrov22 identified an additional vulnerability in Seneca’s contracts, preventing developers from pausing them due to internal function limitations.
The Seneca development team acknowledged the attack and initiated an investigation. They committed to providing updates shortly as they work to address the vulnerabilities and prevent similar incidents in the future.
The Seneca exploit adds to the growing list of hacks and exploits targeting Web3 users in 2024. Notably, Axie Infinity co-founder Jeff “Jihoz” Zirlin suffered a $9.7 million loss from a personal wallet hack, while the DeFi protocol Blueberry was exploited for 457 ETH on the same day.
As the crypto ecosystem evolves, maintaining vigilance against potential exploits and collaborating on security measures become increasingly critical. The Seneca exploit underscores the importance of robust protocols and proactive risk management to safeguard user funds and maintain trust in decentralized financial systems.
Get $200 Free Bitcoins every hour! No Deposit No Credit Card required. Sign Up