Seneca Protocol hacker returns $5.3m from the $6.4m breach
The individual behind the Seneca Protocol hack has returned $5.3 million in Ethereum (ETH) to the Seneca team shortly after stealing $6.4 million in a security validation exploit.
Per a recent disclosure from PeckShield, a blockchain security firm, the hacker transferred exactly 1,537 ETH to a Seneca address. On-chain data substantiates this claim, indicating that the transfer was made in three separate transactions.
The hacker stole 1,907 ETH during a breach on Feb. 28, as reported by crypto.news. The hack, which led to a massive 65% collapse in the price of SEN, exploited a vulnerability within a function of the Seneca smart contract.
Significantly, the function lacked proper input validation, allowing anyone to initiate external calls. The hacker first diverted 907 ETH valued at $3 million before stealing 1,000 ETH tokens, distributing them equally to two newly created external wallets.
Shortly after the exploit, the Seneca team implored the hacker to return the funds to a newly activated address. Despite confirming ongoing collaboration with law enforcement, they promised not to take any legal action if the hacker returned 80% of the funds and kept 20% as a bounty.
Curiously, a few hours after transferring the 1,000 ETH to the new wallets, the exploiter returned all tokens to the new Seneca address. This restitution took the form of two separate transactions, each amounting to 500 ETH, executed at 5:09 (UTC) on Feb. 29 from the external wallets.
Two minutes after sending 1,000 ETH to Seneca, the hacker transferred 537 ETH worth $1.86 million to the same Seneca address. The recipient address for these transfers was activated by the Seneca team on Feb. 29 and currently holds all the returned funds.
Following the transfer of the 1,537 ETH to the Seneca address, the primary address involved in the exploit then shifted 300 ETH, equivalent to $1.03 million, through two transactions to two distinct new external wallets, a move that could represent the hacker’s bounty.