The decentralized finance (DeFi) protocol Seneca was exploited for roughly $6.4 million in user funds on February 25th. The hacker exploited a vulnerability in Seneca’s smart contract code that allowed arbitrary contract calls.
The performOperations function within Seneca’s contracts enabled external calls without proper input validation. This oversight allowed the attacker to invoke other contracts on the blockchain and drain assets from addresses that had approved transfers to Seneca.
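A simplified Python model of the flaw described above, added here as an illustration and not taken from Seneca's contracts: when a protocol forwards a caller-chosen call, the token sees the protocol as the caller, so every allowance users granted to the protocol becomes usable by anyone. The Token and Protocol classes, the account names and the validation rule in the hardened branch are assumptions made for this example.

```python
# Simplified model of an unvalidated external-call operation.
# Constructed for illustration; not Seneca's contract code.

class Token:
    """Minimal ERC-20-style ledger: balances plus owner->spender allowances."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, msg_sender, owner, to, amount):
        # The token only asks: did `owner` approve whoever is calling me?
        if self.allowances.get((owner, msg_sender), 0) < amount:
            raise PermissionError("allowance too low")
        if self.balances.get(owner, 0) < amount:
            raise ValueError("balance too low")
        self.allowances[(owner, msg_sender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class Protocol:
    """Hypothetical protocol whose operation forwards a caller-chosen call."""
    ADDRESS = "protocol"

    def __init__(self, validate):
        self.validate = validate

    def perform_call(self, caller, target, method, args):
        if self.validate:
            # Hardened (assumed rule): a token pull may only move the caller's
            # own funds, and may only deliver them to the protocol itself.
            if method != "transfer_from" or args[0] != caller or args[1] != self.ADDRESS:
                raise PermissionError("call rejected by validation")
        # The target sees the protocol, not `caller`, as msg.sender.
        return getattr(target, method)(self.ADDRESS, *args)


def run_scenario(validate):
    """Alice approves the protocol; another account asks it to move her funds."""
    token = Token({"alice": 100})  # constructed sample state
    token.approve("alice", Protocol.ADDRESS, 100)
    try:
        Protocol(validate).perform_call(
            "mallory", token, "transfer_from", ("alice", "mallory", 100))
    except PermissionError:
        pass
    return token.balances.get("alice", 0)  # what Alice has left
```

Without validation Alice's approved balance is gone; with the check in place the forwarded call is rejected while her own deposits still work.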
Around $3 million in funds was stolen and moved across two hacker-controlled wallets. The attacker then continued the attack, bringing the estimated loss to $6.4 million before the protocol was paused.
Seneca aims to serve as an omnichannel collateralized debt position protocol, allowing the use of yield-bearing crypto assets as collateral for borrowing its senUSD stablecoin. The native SEN token plays various roles in governance, fees, and rewards.
The team is still investigating vulnerability details and how to enhance security measures before resuming operations. They advise users not to interact with any Seneca contracts for now.