Decentralized lending platform Seneca exploited for $6.4M

News Feed - 2024-02-29 10:02:24

Christopher Roark, 10 hours ago

The Seneca lending protocol was exploited through its ‘performOperations’ function, and over $6M of collateral was drained from it.

Decentralized finance (DeFi) lending platform and stablecoin issuer Seneca Protocol has been exploited, according to a Feb. 28 statement on the protocol’s official X account. In a report seen by Cointelegraph, blockchain analytics firm CertiK estimated the losses at $6.4 million so far. The Seneca team urged users to revoke approvals for the affected contracts. Its staff are “currently working with security specialists to investigate the bug,” they stated.

We are actively working with security specialists to investigate the approval bug found today.

In the meantime, REVOKE approvals for the following addresses:

#Ethereum

PT-ezETH 0x529eBB6D157dFE5AE2AA7199a6f9E0e9830E6Dc1

apxETH 0xD837321Fc7fabA9af2f37EFFA08d4973A9BaCe34…

— Seneca (@SenecaUSD) February 28, 2024


Seneca Protocol is a DeFi lending app that allows users to deposit a variety of cryptocurrencies as collateral, which then can be used to mint and borrow the protocol’s native stablecoin, SenecaUSD.


Blockchain data shows that an account ending in 42DC was able to transfer approximately 1,385.23 Pendleton Kelp restaked Ether (PT Kelp rsETH) from a Seneca collateral pool, which it did by calling the “performOperations” function. The account subsequently swapped these tokens for approximately $4 million worth of Ether (ETH) over the course of three transactions. After these swaps, the account transferred an additional 717.04 ETH derivative tokens from various collateral pools and swapped them for ETH.

Seneca attack transactions. Source: Etherscan.


In its report, CertiK claimed that these transfers were malicious. They were made possible because the protocol contains a flaw in its “performOperations” function, the report stated. The bug allows any account to call the function while specifying OPERATION_CALL as the action to be performed. This allows the attacker to “perform external calls to any address as the callee and callData are fully controlled by the attacker.” As a result, the attacker was able to drain funds from the collateral pool that it didn’t own, CertiK claims.


Blockchain investigator Spreek also warned users about the exploit on X, stating that it represented a “critical vulnerability.” Spreek suggested that users should revoke approvals of the addresses used in the exploit.




According to security researcher ddimitrov22, Seneca is suffering from an additional vulnerability that prevents developers from pausing the Seneca contracts, as the pause and unpause functions in them contain the keyword “internal,” which means “there is no way to call them.”

The Seneca protocol is hacked and it cannot be paused even though it inherits the Pausable library.

This is because the `_pause` and `_unpause` functions are internal and there is no way to call them. pic.twitter.com/en0qIsayMX

— ddimitrov22 (@ddimitrovv22) February 28, 2024
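The two flaws described above (an unrestricted OPERATION_CALL and a pause that cannot be reached), shown in hardened form as an added illustration; this is not Seneca's source code. Only performOperations and OPERATION_CALL are names from the article; the contract name, the allowlist, the selector blocklist, the constant's value and the OpenZeppelin Contracts v4.9 import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumes OpenZeppelin Contracts v4.9 import paths.
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/security/Pausable.sol";

// Hypothetical contract for illustration. Only performOperations and
// OPERATION_CALL are names taken from the article.
contract GuardedOperations is Ownable, Pausable {
    uint8 internal constant OPERATION_CALL = 30; // constructed value

    mapping(address => bool) public allowedCallee;   // targets vetted by the owner
    mapping(bytes4 => bool) public blockedSelector;  // selectors never forwarded

    constructor() {
        // Never forward ERC-20 transferFrom: users approve this contract as spender.
        blockedSelector[bytes4(keccak256("transferFrom(address,address,uint256)"))] = true;
    }

    function setAllowedCallee(address callee, bool ok) external onlyOwner {
        allowedCallee[callee] = ok;
    }

    // Pausable only provides internal _pause/_unpause. Without external
    // wrappers like these, inheriting it gives no way to stop the contract.
    function pause() external onlyOwner { _pause(); }
    function unpause() external onlyOwner { _unpause(); }

    function performOperations(uint8[] calldata actions, bytes[] calldata datas)
        external whenNotPaused
    {
        require(actions.length == datas.length, "length mismatch");
        for (uint256 i = 0; i < actions.length; i++) {
            if (actions[i] != OPERATION_CALL) continue; // other actions omitted
            (address callee, bytes memory callData) =
                abi.decode(datas[i], (address, bytes));
            // The weak form forwards callee and callData unchecked, so the call
            // runs with this contract's identity and the approvals granted to it.
            require(allowedCallee[callee], "callee not allowed");
            require(callData.length >= 4, "no selector");
            require(!blockedSelector[bytes4(callData)], "selector blocked");
            (bool ok, ) = callee.call(callData);
            require(ok, "call failed");
        }
    }
}
```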


In its post acknowledging the attack, the development team stated that they are conducting an investigation and will post an update “shortly.”


Hacks and exploits continue to threaten Web3 users in 2024. On Feb. 23, Axie Infinity co-founder Jeff “Jihoz” Zirlin lost $9.7 million from a hack of his personal wallets. On the same day, DeFi protocol Blueberry was exploited for 457 ETH.
