Stablecoin Project Suffers $6 Million Exploit
The Seneca stablecoin protocol recently faced a significant setback, encountering a breach that resulted in a loss exceeding $6 million across both Ethereum and Arbitrum networks.
Reports indicate that the breach was facilitated by a loophole within the protocol’s smart contract approval mechanisms, which an unidentified party exploited to divert funds.
Security analysts at Blocksec have identified the root cause of the breach as an issue related to “arbitrary call,” a term referring to an unauthorized transfer of permissions within Seneca’s smart contracts.
Notably, the project’s contracts were found lacking in a crucial feature—a pause function. Instead, users were required to manually revoke permissions. The amount of assets compromised is estimated to be over 1,900 ETH ($6 million).
Exploiting this vulnerability enabled the attacker to execute unauthorized token transfers from the project’s contract to external addresses under their control.
READ MORE: Binance Labs Invests in Bitcoin Staking with Babylon
In response to the breach, the Seneca team has urged users to revoke previously granted permissions to prevent further unauthorized transactions.
Seneca, a decentralized finance platform, allows users to mint and borrow its stablecoin, senUSD, using various crypto assets as collateral.
Following the breach, the value of the Seneca token experienced a sharp decline, dropping by over 60% from its previous value of approximately $0.1 to below $0.04.