On Thursday, February 29, 2023, blockchain security platform CertiK Alert reported that the hacker responsible for the Seneca protocol breach had returned 1,537 ETH (approximately $5.3 million) to the project.
CertiK also revealed that the attacker retained 300 ETH, which was transferred into two new crypto wallets. Interestingly, this 300 ETH represents the exact 20% bounty that the Seneca team had offered as a reward for their “white hat efforts.”
The hack, which occurred less than a day ago, was initially reported to have caused a $3 million loss to the protocol. Cybersecurity experts later found that the loss was greater, amounting to over 1,900 ETH worth over $6.4 million.
According to CertiK, the exploited smart contracts contained a function known as “performOperations,” which could be called externally but lacked adequate input validation. The function also contained an “if” statement, which can be used to determine the actions to be performed.
The project’s smart contracts lacked a function that would have enabled the development team to pause the network amid the hack. Thus, the platform requested that users revoke permissions.
After the hack, a smart contract security researcher using the pseudonym Ddimitrov22 warned Seneca’s users of another technical challenge that made it difficult to pause the protocol. He explained that pausing was impossible because the protocol’s pause and unpause functions are embedded in its code, and thus it was unfeasible to access them externally.
The incident has raised considerable concern across the broader crypto market about the need for sophisticated security audits of crypto protocols before they are deployed.
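A pre-deployment check for the gap described above, as an added example (not code from CertiK, Ddimitrov22 or Seneca): it scans Solidity source and reports pause controls that no external or public function calls. The `Vault` contract, its function bodies and the OpenZeppelin-style `_pause`/`_unpause` naming are assumptions, and both samples are constructed.

```python
import re

# Function header up to its opening brace: group 1 = name, group 2 = visibility/modifiers.
FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{;]*)\{")

def function_bodies(source):
    """Yield (name, header_tail, body) for each function, using brace matching."""
    for m in FUNC_RE.finditer(source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        yield m.group(1), m.group(2), source[m.end():i - 1]

def unreachable_pause_controls(source):
    """Return the pause controls (_pause/_unpause) that no external/public function calls."""
    source = re.sub(r"//[^\n]*|/\*.*?\*/", "", source, flags=re.S)  # strip comments
    reachable = set()
    for _name, tail, body in function_bodies(source):
        if re.search(r"\b(external|public)\b", tail):
            reachable |= set(re.findall(r"\b(_pause|_unpause)\s*\(", body))
    uses_pause = re.search(r"\bwhenNotPaused\b|\bis\b[^{]*\bPausable\b", source)
    return sorted({"_pause", "_unpause"} - reachable) if uses_pause else []

# Constructed sample: inherits a Pausable base but exposes no way to trigger it.
UNPAUSABLE = """
contract Vault is Pausable, Ownable {
    function performOperations(uint8[] calldata actions) external whenNotPaused {
        for (uint256 i = 0; i < actions.length; i++) {
            if (actions[i] == 1) { _accrue(); }
        }
    }
    function _accrue() internal {}
}
"""
# Same constructed contract with owner-only external wrappers added.
PAUSABLE = UNPAUSABLE.rstrip()[:-1] + """
    function pause() external onlyOwner { _pause(); }
    function unpause() external onlyOwner { _unpause(); }
}
"""

if __name__ == "__main__":
    print("no wrappers:  ", unreachable_pause_controls(UNPAUSABLE))
    print("with wrappers:", unreachable_pause_controls(PAUSABLE))
```

The check only looks at direct calls, so a pause reached through a chain of internal helpers is still reported and needs manual review.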