coinscan

Seneca Hack: $6.4M Exploited, Users Urged to Revoke Approvals


In a significant blow to the decentralized finance (DeFi) community, Seneca Protocol, a prominent lending platform, fell victim to an exploit, resulting in an estimated loss of $6.4 million. The incident, disclosed through the protocol's official social media account on February 28th, underscores the persistent security challenges within the evolving landscape of Web3.

The exploit targeted a vulnerability in Seneca Protocol's "performOperations" function, a critical component in its lending infrastructure. Blockchain analytics firm CertiK uncovered the flaw, which allowed an attacker to manipulate external calls and drain funds from the collateral pools. The assailant successfully siphoned off approximately $4 million worth of Ether (ETH) alongside additional tokens from the affected pools.

Seneca's Unique Model

Seneca Protocol enables users to leverage various cryptocurrencies as collateral to mint and borrow its native stablecoin, SenecaUSD. The platform swiftly responded to the exploit, urging users to revoke approvals for the compromised contracts. Seneca's team is collaborating with security specialists to investigate and fix the identified vulnerability.
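What checking for and revoking an approval involves at the ERC-20 level, as an added example that is not from the article or from Seneca: it replays Approval event logs to find allowances still granted to flagged spender contracts and encodes the approve(spender, 0) call that revokes one. All addresses and logs are constructed placeholders, not Seneca's contract addresses.

```python
# Added example. Addresses and logs below are constructed placeholders.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

def topic_to_address(topic):
    """An indexed address is a 32-byte topic; the address is its low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_approvals(logs, owner, flagged_spenders):
    """Replay Approval logs in chain order; the last value per (token, spender) wins.
    Logs are only a candidate list: transferFrom can reduce an allowance without
    emitting Approval, so confirm each hit with the token's allowance() call.
    """
    flagged = {s.lower() for s in flagged_spenders}
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the signature but has 4 topics
        if topic_to_address(topics[1]) != owner.lower():
            continue
        spender = topic_to_address(topics[2])
        if spender in flagged:
            state[(log["address"].lower(), spender)] = int(log["data"], 16)
    return {pair: value for pair, value in state.items() if value > 0}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0): selector, padded address, zero amount."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def _log(token, owner, spender, value, block):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x"), "blockNumber": block, "logIndex": 0}

OWNER, OTHER_OWNER = "0x" + "aa" * 20, "0x" + "dd" * 20
FLAGGED, UNRELATED = "0x" + "bb" * 20, "0x" + "cc" * 20   # hypothetical spenders
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
SAMPLE_LOGS = [
    _log(TOKEN_B, OWNER, FLAGGED, 0, 105),            # later revoke of the 500 below
    _log(TOKEN_A, OWNER, FLAGGED, 2**256 - 1, 100),   # unlimited approval, still live
    _log(TOKEN_B, OWNER, FLAGGED, 500, 101),
    _log(TOKEN_A, OWNER, UNRELATED, 1000, 102),       # spender not flagged
    _log(TOKEN_A, OTHER_OWNER, FLAGGED, 7, 103),      # different owner
]

if __name__ == "__main__":
    for (token, spender), value in live_approvals(SAMPLE_LOGS, OWNER, [FLAGGED]).items():
        print(token, "->", spender, hex(value), revoke_calldata(spender))
```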

Security researcher ddimitrov22 identified an additional concern: a separate vulnerability that prevents developers from pausing Seneca contracts. This revelation amplifies the urgency of addressing systemic issues within the platform's security infrastructure. The development team is currently investigating this matter and pledges to provide an update on their findings in the near future.

Ongoing Risks in the Web3 Space

This incident marks another entry in the growing list of security breaches within the Web3 space. The broader context includes the recent hack of an Axie Infinity co-founder's wallet, resulting in a staggering loss of $9.7 million, and the theft of 457 ETH from DeFi protocol Blueberry, both of which occurred on February 23rd. These events underscore the imperative for constant vigilance and robust security measures in the DeFi ecosystem.

Key Takeaways:

  • CertiK identified a vulnerability in Seneca Protocol's "performOperations" function, leading to an estimated $6.4 million exploit.

  • The attacker successfully drained $4 million worth of ETH from Seneca collateral pools.

  • Seneca Protocol urged users to revoke approvals for affected contracts and is actively collaborating with security specialists for a comprehensive investigation.

  • Additional concerns regarding a separate vulnerability preventing the pausing of Seneca contracts were highlighted by security researcher ddimitrov22.

  • The incident contributes to the growing list of security breaches in the Web3 space, emphasizing the need for heightened security measures within the DeFi ecosystem.
