Stablecoin protocol Seneca suffered an exploit, leading to a loss of more than $6 million on Ethereum and Arbitrum networks.
The exploit was pinpointed to an issue within the protocol’s smart contract approval mechanisms — which was exploited by attackers to divert funds.
Security analysts from Blocksec identified the root cause of the breach as an “arbitrary call issue” within Seneca’s smart contracts.
The project’s contracts didn’t have code that could let the team pause it — instead, users had to revoke permissions. The stolen assets are reported to be more than 1,900 ETH ($6 million).
This vulnerability allowed the attacker to make unauthorized transfers of tokens from the project’s contract to an external address controlled by the attacker.
“The root cause was an arbitrary call issue, hence approvals to the vulnerable contract can be transferred out,”
Blocksec CTO Lei Wu.
The Seneca team acknowledged the incident and urged users to revoke previously granted permissions in an effort to prevent further unauthorized transactions.
Seneca is a decentralized finance project that allows users to mint and borrow its stablecoin, senUSD, against other crypto assets — a stablecoin mechanism also called a collateralized debt position.
The Seneca token went down by more than 60% following the exploit — dropping from around $0.1 to under $0.04.