{"id":11152,"date":"2024-02-29T10:32:43","date_gmt":"2024-02-29T08:32:43","guid":{"rendered":"https:\/\/forklog.com\/en\/seneca-protocol-vulnerability-results-in-theft-of-1900-eth\/"},"modified":"2024-02-29T10:32:43","modified_gmt":"2024-02-29T08:32:43","slug":"seneca-protocol-vulnerability-results-in-theft-of-1900-eth","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/seneca-protocol-vulnerability-results-in-theft-of-1900-eth\/","title":{"rendered":"Seneca Protocol Vulnerability Results in Theft of 1900 ETH"},"content":{"rendered":"<p>A smart contract of the Seneca omnichain protocol on Ethereum was exploited, resulting in the loss of over 1,900 ETH (~$6.5 million), according to analysts at Beosin.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/SenecaUSD?ref_src=twsrc%5Etfw\">@SenecaUSD<\/a> exploited for 1,900 <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a> (worth ~$6.5M).<\/p>\n<p>The attacker used constructed calldata parameters to call transferFrom and transfer tokens that were approved to the project&#8217;s contracts to the attacker&#8217;s address.<\/p>\n<p>The stolen funds are now held across 3 addresses.<\/p>\n<p>Revoke\u2026 <a href=\"https:\/\/t.co\/M1BwoU5jn4\">https:\/\/t.co\/M1BwoU5jn4<\/a> <a href=\"https:\/\/t.co\/sKg56m9lVl\">pic.twitter.com\/sKg56m9lVl<\/a><\/p>\n<p>\u2014 Beosin Alert (@BeosinAlert) <a href=\"https:\/\/twitter.com\/BeosinAlert\/status\/1763024503452611038?ref_src=twsrc%5Etfw\">February 29, 2024<\/a><\/p><\/blockquote>\n<p>Earlier, a user on X known as Spreek had identified a critical approval vulnerability in the protocol, caused by an <a href=\"https:\/\/gopluslabs.io\/token-security\/42161\/0x154388a4650D63acC823e06Ef9e47C1eDdD3cBb2\">open external call function<\/a> that let anyone make the contract invoke an arbitrary target with arbitrary calldata. 
<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Looks like Seneca Protocol has a critical approval exploit (open external call). $3m+ lost so far across eth\/arb <a href=\"https:\/\/t.co\/MkbNShtPUm\">pic.twitter.com\/MkbNShtPUm<\/a><\/p>\n<p>\u2014 Spreek (Denver 28th-5th) (@spreekaway) <a href=\"https:\/\/twitter.com\/spreekaway\/status\/1762857769714012217?ref_src=twsrc%5Etfw\">February 28, 2024<\/a><\/p><\/blockquote>\n<p>Researchers at SlowMist also issued a warning about the issue.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">SlowMist Security Alert<\/p>\n<p>Looks like <a href=\"https:\/\/twitter.com\/SenecaUSD?ref_src=twsrc%5Etfw\">@SenecaUSD<\/a> is being exploited due to an open external call vulnerability, please revoke approvals for the following addresses ASAP!!!<\/p>\n<p>ETH: 0xBC83F2711D0749D7454e4A9D53d8594DF0377c05<br \/>ARB: 0x2d99E1116E73110B88C468189aa6AF8Bb4675ec9 <a href=\"https:\/\/t.co\/GbmxLXTtdH\">pic.twitter.com\/GbmxLXTtdH<\/a><\/p>\n<p>\u2014 SlowMist (@SlowMist_Team) <a href=\"https:\/\/twitter.com\/SlowMist_Team\/status\/1762865505042645010?ref_src=twsrc%5Etfw\">February 28, 2024<\/a><\/p><\/blockquote>\n<p>Beosin believes the attackers passed carefully constructed calldata through the open external call, making the project&#8217;s contract itself invoke the tokens&#8217; transferFrom function. Because users had approved that contract to spend their tokens, the call moved those tokens straight from the users&#8217; wallets to attacker-controlled addresses; the attackers subsequently converted them into ETH. The contract did not need to hold any tokens itself: the outstanding approvals were enough.<\/p>\n<p>The funds were moved to three wallets.<\/p>\n<p>The Seneca protocol team is investigating the incident. 
Users are advised to revoke approvals for several addresses on Ethereum and Arbitrum, as published by the developers.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We are actively working with security specialists to investigate the approval bug found today.<\/p>\n<p>In the meantime, REVOKE approvals for the following addresses:<a href=\"https:\/\/twitter.com\/hashtag\/Ethereum?src=hash&#038;ref_src=twsrc%5Etfw\">#Ethereum<\/a><br \/>PT-ezETH 0x529eBB6D157dFE5AE2AA7199a6f9E0e9830E6Dc1<br \/>apxETH 0xD837321Fc7fabA9af2f37EFFA08d4973A9BaCe34\u2026<\/p>\n<p>\u2014 Seneca (@SenecaUSD) <a href=\"https:\/\/twitter.com\/SenecaUSD\/status\/1762886130561630227?ref_src=twsrc%5Etfw\">February 28, 2024<\/a><\/p><\/blockquote>\n<p>The project also appealed to the hacker to return the funds, offering 20% of the stolen amount as a reward and an end to further pursuit.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Dear Whitehat,<\/p>\n<p>Please return the funds to the following Ethereum wallet address: 0xb7aF0Aa318706D94469d8d851015F9Aa12D9c53a<\/p>\n<p>We are collaborating with third-party security providers and law enforcement to trace the funds and identify recipient wallets. 
Acting promptly is\u2026 <a href=\"https:\/\/t.co\/syIQQXHJSQ\">pic.twitter.com\/syIQQXHJSQ<\/a><\/p>\n<p>\u2014 Seneca (@SenecaUSD) <a href=\"https:\/\/twitter.com\/SenecaUSD\/status\/1762999045109248461?ref_src=twsrc%5Etfw\">February 29, 2024<\/a><\/p><\/blockquote>\n<div class=\"wp-block-text-wrappers-update-2 article_update\"><time class=\"gtb_text-wrappers_update_time\">February 29, 2024 | 13:16<\/time><span class=\"gtb_text-wrappers_update_head\">Update: <\/span><\/p>\n<p>The hacker returned 1,537 ETH (~$5.3 million) to the wallet specified by the Seneca team, as reported by PeckShield experts.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> <a href=\"https:\/\/twitter.com\/SenecaUSD?ref_src=twsrc%5Etfw\">@SenecaUSD<\/a> hacker-labeled address has returned 1,537 <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a> (worth ~$5.3m) to <a href=\"https:\/\/twitter.com\/hashtag\/Seneca?src=hash&#038;ref_src=twsrc%5Etfw\">#Seneca<\/a>: Deployer address &#038; transferred 300 <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a> (~$1.04m) to 2 new addresses <a href=\"https:\/\/t.co\/hNOFMr1aTk\">pic.twitter.com\/hNOFMr1aTk<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1763109818766946512?ref_src=twsrc%5Etfw\">February 29, 2024<\/a><\/p><\/blockquote>\n<p>As a reward, the hacker retained the agreed 20% of the amount \u2014 300 ETH (~$1 million). 
These assets were transferred to two new wallets.<\/p>\n<\/div>\n<p>At the time of writing, the price of the SEN token has fallen by 52% to $0.04254, according to <a href=\"https:\/\/www.coingecko.com\/en\/coins\/seneca\">CoinGecko<\/a>.<\/p>\n<p>Earlier, on February 23, the DeFi protocol Blueberry had suspended operations due to an exploit.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A smart contract of the Seneca omnichain protocol on Ethereum was exploited, resulting in the loss of over 1,900 ETH (~$6.5 million), according to analysts at Beosin. @SenecaUSD exploited for 1,900 $ETH (worth ~$6.5M). The attacker used constructed calldata parameters to call transferFrom and transfer tokens that were approved to the project&#8217;s contracts [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":11151,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1301,44,1424],"class_list":["post-11152","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain-vulnerabilities","tag-cybercrime","tag-protocols"],"aioseo_notices":[],"amp_enabled":true,"views":"13","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/11152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=11152"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/
wp\/v2\/posts\/11152\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/11151"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=11152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=11152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=11152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
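The mechanism Beosin describes in the article above (constructed calldata passed through an open external call, so that the project's own contract calls transferFrom against the approvals users had granted it), as an added worked example that is not Seneca's code and is not taken from any of the quoted advisories. It is a minimal Python model of a vault contract with an open external call, the transferFrom calldata an attacker would construct, the drain it enables, and the two things that stop it: a hardened contract and the approval revocation the advisories asked users for. The vault and token classes, the addresses, the amounts and the perform_operations entry point are assumptions made for this illustration; only the transferFrom selector 0x23b872dd is the real ERC-20 constant.

```python
"""Added example, not Seneca's code: a minimal model of an "open external call"
approval drain.  A contract that lets any caller make it invoke an arbitrary
target with arbitrary calldata can be turned against every token approval its
users have granted to it.  Names, addresses, amounts and the perform_operations
entry point are assumptions made for this illustration."""

# Constructed addresses (lowercase hex so string comparison is exact).
ALICE = "0x" + "aa" * 20      # user who approved the vault to spend her tokens
ATTACKER = "0x" + "bb" * 20
VAULT = "0x" + "cc" * 20
TOKEN = "0x" + "dd" * 20

# keccak256("transferFrom(address,address,uint256)")[:4], the standard ERC-20 selector.
TRANSFER_FROM_SELECTOR = bytes.fromhex("23b872dd")


def abi_address(addr: str) -> bytes:
    """ABI-encode an address as one 32-byte word (20 bytes, left-padded with zeros)."""
    return bytes.fromhex(addr[2:]).rjust(32, b"\x00")


def abi_uint256(n: int) -> bytes:
    return n.to_bytes(32, "big")


def build_transfer_from_calldata(owner: str, to: str, amount: int) -> bytes:
    """The 'constructed calldata' of the attack: transferFrom(owner, to, amount)."""
    return TRANSFER_FROM_SELECTOR + abi_address(owner) + abi_address(to) + abi_uint256(amount)


class ERC20:
    """Just enough of ERC-20 to show why approvals matter: balances and allowances."""

    def __init__(self, address: str, balances: dict):
        self.address = address
        self.balances = dict(balances)
        self.allowance = {}  # (owner, spender) -> amount

    def approve(self, owner: str, spender: str, amount: int) -> None:
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, msg_sender: str, owner: str, to: str, amount: int) -> None:
        allowed = self.allowance.get((owner, msg_sender), 0)
        if allowed < amount or self.balances.get(owner, 0) < amount:
            raise PermissionError("insufficient allowance or balance")
        self.allowance[(owner, msg_sender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def call(self, msg_sender: str, calldata: bytes) -> None:
        """Dispatch raw calldata the way the EVM would: 4-byte selector, then 32-byte words."""
        selector, args = calldata[:4], calldata[4:]
        if selector != TRANSFER_FROM_SELECTOR or len(args) != 96:
            raise ValueError("unsupported selector or malformed calldata")
        owner = "0x" + args[12:32].hex()
        to = "0x" + args[44:64].hex()
        amount = int.from_bytes(args[64:96], "big")
        self.transfer_from(msg_sender, owner, to, amount)


class VulnerableVault:
    """Open external call: anyone can make the vault call any target with any data.
    The target sees msg.sender == vault, so the vault's allowances get spent."""

    def __init__(self, address: str):
        self.address = address

    def perform_operations(self, msg_sender: str, target: ERC20, data: bytes) -> None:
        target.call(self.address, data)


class HardenedVault(VulnerableVault):
    """Same entry point with the checks the open call lacked: the target must be
    allowlisted, and a transferFrom issued by the vault may only pull tokens
    from the caller itself, never from a third party's approval."""

    def __init__(self, address: str, allowed_targets: set):
        super().__init__(address)
        self.allowed_targets = allowed_targets

    def perform_operations(self, msg_sender: str, target: ERC20, data: bytes) -> None:
        if target.address not in self.allowed_targets:
            raise PermissionError("target not allowlisted")
        # bytes 16..36 of the calldata are the 20-byte `from` address of transferFrom
        if data[:4] == TRANSFER_FROM_SELECTOR and "0x" + data[16:36].hex() != msg_sender:
            raise PermissionError("may only pull tokens from msg.sender")
        target.call(self.address, data)


def run_attack(vault: VulnerableVault, revoke_first: bool = False) -> tuple:
    """Returns (attacker balance, Alice balance) after the attacker's attempt."""
    token = ERC20(TOKEN, {ALICE: 1_000})
    token.approve(ALICE, VAULT, 2**256 - 1)  # the usual "infinite" approval
    if revoke_first:
        token.approve(ALICE, VAULT, 0)       # what the advisories asked users to do
    calldata = build_transfer_from_calldata(ALICE, ATTACKER, 1_000)
    try:
        vault.perform_operations(ATTACKER, token, calldata)
    except PermissionError:
        pass                                 # the drain was blocked
    return token.balances.get(ATTACKER, 0), token.balances[ALICE]
```

Calling run_attack(VulnerableVault(VAULT)) drains Alice; run_attack(HardenedVault(VAULT, {TOKEN})) and run_attack(VulnerableVault(VAULT), revoke_first=True) both leave her balance intact. The hardened variant shows the design rule behind any fix: a contract that holds user approvals must never let a caller choose both the target and the calldata of an external call, and anything it pulls via transferFrom should come only from msg.sender. Revoking the approval protects a user whether or not the contract is ever fixed, which is why every advisory quoted above leads with it.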