Seneca, a decentralized finance (DeFi) technology, was targeted for around $6.4 million in user funds on February 25. The hacker took advantage of a vulnerability in Seneca’s smart contract technology, which allowed for arbitrary contract calls.
Approximately $3 million in funds were stolen and transferred between two hacker-controlled wallets. The attacker continued the attack, causing an estimated loss of $6.4 million before the procedure was suspended.
The performOperations function in Seneca’s contracts allowed external calls without adequate input validation. This error enabled the attacker to use other blockchain contracts to drain assets from addresses that have approved Seneca transfers.
Seneca intends to function as an omnichain collateralized debt position protocol, allowing yield-bearing cryptocurrency assets to be used as collateral for borrowing its stablecoin, senUSD. The native SEN token serves multiple functions in governance, fees, and rewards.
The team is still looking at vulnerability details and how to improve security measures before resuming operations. They warn users not to interact with any Seneca contracts at this time.
Read also: Nigerian Crypto Crime Fighters Are Trained by A&D Forensics
