The cryptocurrency community has been shaken by yet another security breach, this time impacting the stablecoin protocol Seneca. A sophisticated cyber-attack resulted in the theft of funds exceeding $6 million from Seneca’s reserves on both the Ethereum and Arbitrum networks. This incident adds to a growing list of security challenges facing the digital asset industry.
Critical Flaw Leads to Massive Theft
The perpetrators exploited a vulnerability in the protocol’s smart contract approval process, siphoning off assets worth over 1900 Ethereum (ETH). The exploit was identified by Blocksec security experts as an “arbitrary call issue,” which the attackers used to initiate unauthorized token transfers to their own wallets.
Seneca’s infrastructure lacked a critical feature that would allow the team to suspend smart contract operations in the event of a breach. Consequently, users had to withdraw permissions manually, a process that inevitably introduced delays and exposed the protocol to further risks.
Blocksec’s CTO, Lei Wu, highlighted the arbitrary call issue as the primary loophole that facilitated the breach. The Seneca team quickly confirmed the hack and urged users to revoke permissions to forestall additional illicit transactions.
Seneca’s Stablecoin Value Tumbles
As part of its decentralized finance offerings, Seneca allows users to mint and borrow its stablecoin, senUSD, by pledging other cryptocurrencies as collateral. The hack’s revelation prompted a drastic fall in senUSD’s price, which plummeted by over 60%, dropping from $0.1 to under $0.04. This severe devaluation reflects the hack’s extensive damage and the resulting loss of confidence among investors in Seneca’s security measures.
