Analytics company CertiK warned users about the exploit, recommending that they revoke confirmations from the address on the Ethereum and Arbitrum networks.. Initially, Seneca’s losses were estimated at $3 million, but later it turned out that the attacker managed to steal more than 1,900 ETH worth about $6.4 million.
The exploit occurred due to a critical vulnerability in the so-called call in the smart contract of the protocol. The attacker could make external requests to any address. In addition, there was no code in the contracts with which the project team was able to “set a pause”. Because of this, users need to revoke permissions.
Seneca officials said they are investigating the incident along with law enforcement and security providers.. The developers asked the hacker to return 80% of the stolen funds, offering a reward of $1.2 million. The criminal will have a chance to avoid lawsuits and legal consequences.
A few hours later, the hacker returned 1,537 ETH worth $5.3 million to the project to the Ethereum address provided by the Seneca team. The hacker kept a 20% reward for himself, thereby earning 300 ETH worth about $1 million. He then forwarded these ethers to two different addresses.
At the end of 2023, another hacker who stole tokens from the Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) collections agreed to return them to the p2p platform NFT Trader for a reward of 120 ETH. Previously, an attacker who attacked the Sentiment platform returned 90% of the stolen crypto assets to it.