Hack Alert - Seneca Protocol Hacked For $6.4M
Quick Summary
Seneca Protocol experienced a significant security breach today (Feb 28th 2024), resulting in a sharp 67% drop in the value of its SEN token.
According to CertiK, the attacker exploited a vulnerability in the protocol, initially stealing approximately $3 million worth of digital assets.
The attacker then transferred 1,000 ETH across two externally owned accounts (EOAs), increasing the estimated loss to about $6.4 million.
The vulnerability stemmed from a function in Seneca Protocol's smart contract code called 'performOperations', which lacked proper validation of its inputs and was accessible to external calls.
The attacker crafted specific data to exploit this function, triggering a condition that enabled them to invoke any other contract on the blockchain with arbitrary data.
This capability allowed the attacker to call other contracts through the vulnerable contracts, so that the calls appeared to come from them, and to transfer assets out of addresses that had previously granted authorization to the now-compromised contracts.
It seems that even though the contract has logic in place to pause operations, the pause button doesn't actually work.
What Could I Have Done To Protect Myself As A Crypto User?
Based on the exploit on Seneca Protocol, a key recommendation for protecting yourself as a crypto user is to limit approvals. Specifically, carefully review and restrict the permissions you grant to smart contracts, especially those involving significant amounts of assets or sensitive operations. This means being cautious about approving contracts to spend or transfer funds on behalf of your wallet, particularly if the contract's functionality is not fully understood or if it lacks proper input validation.
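One way to act on this recommendation, as an added example that is not part of the original post: the script below replays ERC-20 `Approval` event logs for a wallet and lists the spenders that still hold unlimited or large allowances. The sample logs, addresses and the `limit` threshold are constructed, and the last logged value is assumed to be the current allowance, which the token's `allowance(owner, spender)` view would confirm.

```python
# Added example; all logs and addresses below are constructed sample data.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def _addr(topic):
    """Extract the 20-byte address from a 32-byte indexed topic."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner):
    """Return {(token, spender): value} for the owner's latest non-zero approvals."""
    owner = owner.lower()
    latest = {}
    # Replay in chain order (block/log index assumed already decoded to ints).
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares the signature but has 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if _addr(topics[1]) != owner:
            continue
        key = (log["address"].lower(), _addr(topics[2]))
        latest[key] = int(log["data"], 16)  # a later approval overwrites an earlier one
    # An approval of 0 is a revocation, so it drops out of the result.
    return {k: v for k, v in latest.items() if v > 0}

def risky(approvals, limit):
    """Approvals that are unlimited or above a per-spender limit the user chooses."""
    return sorted(k for k, v in approvals.items() if v == MAX_UINT256 or v > limit)

def _log(block, idx, token, owner, spender, value):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "blockNumber": block, "logIndex": idx,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": hex(value)}

OWNER, OTHER = "0x" + "a1" * 20, "0x" + "b2" * 20
TOKEN = "0x" + "70" * 20
SPENDER_A, SPENDER_B, SPENDER_C = ("0x" + b * 20 for b in ("5a", "5b", "5c"))
SAMPLE_LOGS = [
    _log(100, 0, TOKEN, OWNER, SPENDER_A, MAX_UINT256),  # unlimited, revoked below
    _log(105, 2, TOKEN, OWNER, SPENDER_B, MAX_UINT256),  # unlimited, still live
    _log(110, 1, TOKEN, OWNER, SPENDER_A, 0),            # revocation
    _log(111, 0, TOKEN, OTHER, SPENDER_A, 5),            # different wallet, ignored
    _log(112, 0, TOKEN, OWNER, SPENDER_C, 500),          # small, bounded approval
]

if __name__ == "__main__":
    for token, spender in risky(outstanding_approvals(SAMPLE_LOGS, OWNER), limit=1000):
        print("review/revoke:", token, "->", spender)
```

Each flagged pair is an approval to revoke, or to replace with an amount sized to the next transaction, by sending a new `approve` to that token.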