Seneca Protocol, a stablecoin protocol, has suffered a significant exploit resulting in the loss of over $6 million (~$6.5M), including 1,900 $ETH, due to a critical smart contract flaw involving an open external call vulnerability. Security firms including SlowMist and Peckshield have issued alerts urging users to revoke approvals for specific addresses associated with Ethereum (ETH) and Arbitrum (ARB) to prevent further losses of $3m+. The exploit has highlighted the risks associated with Ethereum's token approval mechanism. It has been reported that the attacker utilized constructed calldata parameters to transfer approved tokens to their addresses, with the stolen funds now spread across three different addresses.
Sources
The Block
Stablecoin protocol Seneca hit by $6 million exploit due to smart contract flaw https://t.co/jNRNFTwdJd
Beosin Alert🚨@SenecaUSD exploited for 1,900 $ETH (worth ~$6.5M). The attacker used constructed calldata parameters to call transferfrom and transfer tokens that were approved to the project's contracts to the attacker's address. The stolen funds are now held across 3 addresses. Revoke… https://t.co/sKg56m9lVl https://t.co/M1BwoU5jn4
Revoke.cash ⚠️ Seneca exploited ⚠️ @SenecaUSD was exploited earlier today, with approved user funds at risk. Millions were stolen from users of the protocol. If you've used Seneca in the past, we recommend checking if you're at risk using our Exploit Checker 👇 https://t.co/Pmp4Ljosfe
Additional media
