The hacker who gained access to around $6.4 million in ETH from the Seneca stablecoin exploit has returned over $5 million to the project after accepting a 20% bounty.
Stablecoin protocol Seneca has offered a 20% bounty to the exploiter who gained access to at least $6.4 million in digital assets after exploiting an approval mechanism bug in the protocol’s smart contract.
On Feb. 28, multiple blockchain security firms flagged the exploit on the stablecoin protocol. Companies like CertiK warned users about the exploit, urging them to revoke approvals from an address on the Ethereum and Arbitrum networks. Initial estimates put the losses at $3 million, but it was later found that over 1,900 Ether (ETH), worth about $6.4 million, were taken in the exploit.
Security analysts at CertiK explained that the exploit happened due to a critical “call” vulnerability in the protocol’s smart contract. This vulnerability allowed the attacker to perform external calls to any address.
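The revocation advice above can be checked from ERC-20 `Approval` event logs. This is an added example, not code from Seneca or CertiK: it lists the allowances still open to a flagged spender. The spender address, the other addresses and the sample logs are constructed placeholders, and the log shape assumed is the one `eth_getLogs` returns.

```python
from typing import Dict, List, Tuple

# keccak256("Approval(address,address,uint256)"): topic0 of the ERC-20 Approval event
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
# Placeholder, not the address from the incident; substitute the flagged contract.
FLAGGED_SPENDER = "0x" + "ab" * 20


def topic_to_address(topic: str) -> str:
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def open_allowances(logs: List[dict], spender: str) -> Dict[Tuple[str, str], int]:
    """Map (token, owner) -> last approved amount for `spender`, where non-zero.
    The amount is an upper bound: spending since the approval may have reduced it."""
    latest: Dict[Tuple[str, str], int] = {}
    # Replay in chain order so a later approve(spender, 0) clears an earlier grant.
    in_order = sorted(logs, key=lambda e: (int(e["blockNumber"], 16), int(e["logIndex"], 16)))
    for log in in_order:
        topics = log["topics"]
        # ERC-721 shares this topic0 but indexes tokenId too (4 topics); skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender.lower():
            continue
        latest[(log["address"].lower(), topic_to_address(topics[1]))] = int(log["data"], 16)
    return {key: amount for key, amount in latest.items() if amount > 0}


def _log(token: str, owner: str, spender: str, amount: int, block: int, index: int) -> dict:
    """Build a constructed log entry in the shape eth_getLogs returns."""
    pad = lambda addr: "0x" + "0" * 24 + addr[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"),
            "blockNumber": hex(block), "logIndex": hex(index)}


# Constructed sample data (all addresses are made up).
TOKEN, ALICE, BOB, OTHER = ("0x" + b * 20 for b in ("11", "a1", "b0", "cd"))
MAX_UINT = 2**256 - 1
SAMPLE_LOGS = [
    _log(TOKEN, BOB, FLAGGED_SPENDER, 0, 105, 0),          # Bob revokes later
    _log(TOKEN, ALICE, FLAGGED_SPENDER, MAX_UINT, 100, 0),
    _log(TOKEN, BOB, FLAGGED_SPENDER, MAX_UINT, 100, 1),
    _log(TOKEN, ALICE, OTHER, MAX_UINT, 101, 0),           # different spender
]
```

On the sample data only Alice's unlimited approval remains open; Bob's later zero-value approval removes his entry.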