Seneca Protocol, a stablecoin protocol, has suffered a significant exploit resulting in the loss of over $6 million (~$6.5M), including 1,900 $ETH, caused by a critical smart contract flaw: an open external call vulnerability. Security firms including SlowMist and PeckShield have issued alerts urging users to revoke approvals for specific addresses on Ethereum (ETH) and Arbitrum (ARB) to prevent further losses of $3m+. The exploit has highlighted the risks associated with Ethereum's token approval mechanism. The attacker reportedly used constructed calldata parameters to call transferFrom and move tokens that users had approved to the project's contracts to the attacker's address, with the stolen funds now spread across three different addresses.
Stablecoin protocol Seneca hit by $6 million exploit due to smart contract flaw https://t.co/jNRNFTwdJd
🚨@SenecaUSD exploited for 1,900 $ETH (worth ~$6.5M). The attacker used constructed calldata parameters to call transferfrom and transfer tokens that were approved to the project's contracts to the attacker's address. The stolen funds are now held across 3 addresses. Revoke… https://t.co/sKg56m9lVl https://t.co/M1BwoU5jn4
⚠️ Seneca exploited ⚠️ @SenecaUSD was exploited earlier today, with approved user funds at risk. Millions were stolen from users of the protocol. If you've used Seneca in the past, we recommend checking if you're at risk using our Exploit Checker 👇 https://t.co/Pmp4Ljosfe
Seneca Protocol hack highlights dangers of Ethereum’s token approval mechanism https://t.co/TPXw1kUFjw
Seneca Protocol bug enables at least $3 million in stolen user funds February 28, 2024 https://t.co/FZZKuoVfks https://t.co/G8QAs8S6mA
BREAKING: SENECA USD $SEN HAS BEEN EXPLOITED FOR $3M PER CERTIK
Hi @SenecaUSD We have confirmed the critical approval bug in Seneca protocol that allows stealing funds from approving users. Please revoke your approvals from the following addresses: - eth: 0xbc83f2711d0749d7454e4a9d53d8594df0377c05 - arb:… https://t.co/cuOf9gobga https://t.co/bIG72A65Wl
🚨SlowMist Security Alert 🚨 Looks like @SenecaUSD is being exploited due to an open external call vulnerability, please revoke approvals for the following addresses ASAP!!! ETH: 0xBC83F2711D0749D7454e4A9D53d8594DF0377c05 ARB: 0x2d99E1116E73110B88C468189aa6AF8Bb4675ec9 https://t.co/GbmxLXTtdH
Looks like Seneca Protocol has a critical approval exploit (open external call). $3m+ lost so far across eth/arb https://t.co/MkbNShtPUm
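
The alerts above describe an open external call that forwarded caller-supplied calldata, letting transferFrom spend approvals users had granted to the contract. As an added example (not Seneca's code or any quoted firm's tooling), the sketch below screens forwarded calldata for that pattern; the function names and sample values are constructed, and the 0x23b872dd selector is the standard ERC-20 transferFrom selector.

```python
# Added example; names and sample values are constructed, not Seneca's code.
TRANSFER_FROM = bytes.fromhex("23b872dd")  # transferFrom(address,address,uint256)


def encode_transfer_from(src: str, dst: str, amount: int) -> bytes:
    """Build ABI calldata for the constructed samples used with this screen."""
    def pad(addr: str) -> bytes:
        return bytes(12) + bytes.fromhex(addr[2:])
    return TRANSFER_FROM + pad(src) + pad(dst) + amount.to_bytes(32, "big")


def decode_transfer_from(calldata: bytes):
    """Return the transferFrom arguments, or None if this is another call."""
    if calldata[:4] != TRANSFER_FROM:
        return None
    args = calldata[4:]
    if len(args) < 96:
        raise ValueError("truncated transferFrom arguments")
    return {
        "from": "0x" + args[12:32].hex(),   # address = low 20 bytes of word 0
        "to": "0x" + args[44:64].hex(),     # low 20 bytes of word 1
        "amount": int.from_bytes(args[64:96], "big"),
    }


def screen_forwarded_call(caller: str, calldata: bytes) -> str:
    """Return 'flag' when forwarded calldata would spend another account's
    approval (transferFrom whose `from` is not the caller), or is malformed."""
    try:
        decoded = decode_transfer_from(calldata)
    except ValueError:
        return "flag"
    if decoded is None:
        return "ok"
    # Compare case-insensitively: addresses circulate in both checksum and
    # lower-case form.
    return "ok" if decoded["from"] == caller.lower() else "flag"
```

A screen like this suits monitoring of transaction traces; in the contract itself, the usual fix is to restrict which targets and function selectors an external call may reach.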