Verify a decision

{"actor":"system:backfill","investigation_id":"a8954c24-27e8-4da3-9f9e-d40cc06f5c7f","kind":"publish","page_slug":"seneca","published_at":"2026-05-28T08:10:55.668Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Seneca","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.theblock.co/post/279761/stablecoin-protocol-seneca-hit-by-6-million-exploit-due-to-smart-contract-flaw","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/seneca-protocol-rekt","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/seneca-breach-sen-drops/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/seneca-protocol-rekt","type":"other","url":""},{"credibility":3,"name":"https://blockapex.io/seneca-protocol-hack-analysis/","type":"other","url":""},{"credibility":3,"name":"https://www.cyfrin.io/blog/seneca-attack-hack-analysis-proof-of-concept","type":"other","url":""},{"credibility":3,"name":"https://protos.com/seneca-protocol-hack-highlights-dangers-of-ethereums-token-approval-mechanism/","type":"other","url":""},{"credibility":3,"name":"https://revoke.cash/exploits/seneca","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/seneca-protocol-rekt","type":"other","url":""},{"credibility":3,"name":"https://protos.com/seneca-protocol-hack-highlights-dangers-of-ethereums-token-approval-mechanism/","type":"other","url":""},{"credibility":3,"name":"https://medium.com/coinmonks/120m-rug-pulls-new-serial-hacker-arises-and-the-seneca-debacle-crypto-crimes-report-february-4a4955019ddc","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/seneca-recovers-80-of-funds-after-6-4m-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/seneca-hacker-returns-stolen-funds-exploit","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/seneca-protocol-hacker-returns-5-3m-from-the-6-4m-breach/","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/seneca-recovers-80-of-funds-after-6-4m-exploit/","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/news/seneca-hacker-returns-5-3m-amid-legal-threats-keeps-1m-bounty/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/seneca-protocol-rekt","type":"other","url":""},{"credibility":3,"name":"https://protos.com/seneca-protocol-hack-highlights-dangers-of-ethereums-token-approval-mechanism/","type":"other","url":""},{"credibility":3,"name":"https://medium.com/coinmonks/120m-rug-pulls-new-serial-hacker-arises-and-the-seneca-debacle-crypto-crimes-report-february-4a4955019ddc","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://crypto.news/seneca-breach-sen-drops/","type":"other","url":""},{"credibility":3,"name":"https://etherscan.io/token/0xcb19b6b4971bd4206bab176c75b1efe3e28ee5a8","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/seneca","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://revoke.cash/exploits/seneca","type":"other","url":""},{"credibility":3,"name":"https://protos.com/seneca-protocol-hack-highlights-dangers-of-ethereums-token-approval-mechanism/","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/seneca-protocol-rekt","type":"other","url":""}]}],"sources_used":[{"credibility":2,"name":"Seneca Protocol - REKT News","type":"news_article","url":"https://rekt.news/seneca-protocol-rekt"},{"credibility":2,"name":"Stablecoin protocol Seneca hit by $6 million exploit - The Block","type":"news_article","url":"https://www.theblock.co/post/279761/stablecoin-protocol-seneca-hit-by-6-million-exploit-due-to-smart-contract-flaw"},{"credibility":2,"name":"Seneca Protocol Hack Analysis - BlockApex","type":"research","url":"https://blockapex.io/seneca-protocol-hack-analysis/"},{"credibility":2,"name":"Exploit Analysis and Proof of Concept: Seneca Attack - Cyfrin","type":"research","url":"https://www.cyfrin.io/blog/seneca-attack-hack-analysis-proof-of-concept"},{"credibility":2,"name":"Seneca Protocol hack highlights dangers of Ethereum token approval mechanism - Protos","type":"news_article","url":"https://protos.com/seneca-protocol-hack-highlights-dangers-of-ethereums-token-approval-mechanism/"},{"credibility":2,"name":"Seneca stablecoin hacker returns stolen funds - CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/seneca-hacker-returns-stolen-funds-exploit"},{"credibility":2,"name":"Seneca Recovers 80% of Funds After $6.4M Exploit - CryptoPotato","type":"news_article","url":"https://cryptopotato.com/seneca-recovers-80-of-funds-after-6-4m-exploit/"},{"credibility":2,"name":"Seneca Protocol experiences $6m breach, SEN drops 65% - Crypto News","type":"news_article","url":"https://crypto.news/seneca-breach-sen-drops/"},{"credibility":2,"name":"Seneca Protocol hacker returns 5.3M from 6.4M breach - Crypto News","type":"news_article","url":"https://crypto.news/seneca-protocol-hacker-returns-5-3m-from-the-6-4m-breach/"},{"credibility":2,"name":"Seneca Hacker Returns 5.3M Amid Legal Threats - CryptoNews","type":"news_article","url":"https://cryptonews.com/news/seneca-hacker-returns-5-3m-amid-legal-threats-keeps-1m-bounty/"},{"credibility":2,"name":"Seneca Protocol Hack Analysis - BlockApex on Medium","type":"research","url":"https://blockapex.medium.com/seneca-protocol-hack-analysis-546f3bcc1040"},{"credibility":2,"name":"2024 Seneca Hack: Check If You Are Affected - Revoke.cash","type":"other","url":"https://revoke.cash/exploits/seneca"},{"credibility":2,"name":"Crypto Crimes Report February 2024 - NEFTURE Security via Coinmonks","type":"research","url":"https://medium.com/coinmonks/120m-rug-pulls-new-serial-hacker-arises-and-the-seneca-debacle-crypto-crimes-report-february-4a4955019ddc"},{"credibility":1,"name":"SEN Token on Etherscan","type":"on_chain","url":"https://etherscan.io/token/0xcb19b6b4971bd4206bab176c75b1efe3e28ee5a8"},{"credibility":2,"name":"Seneca Protocol TVL - DefiLlama","type":"on_chain","url":"https://defillama.com/protocol/seneca"}],"summary":"Seneca is a decentralized stablecoin lending protocol that allowed users to mint senUSD against collateral. On February 28, 2024, attackers exploited a critical arbitrary external-call vulnerability in its Chamber contract, draining approximately $6.4 million from user wallets across Ethereum and Arbitrum. Approximately 80% of stolen funds were recovered after an on-chain bounty offer; however, the vulnerability had been publicly identified months before the exploit and the team proceeded to launch without patching it.","timeline":[{"date":"2023-11-15","event":"Security researcher 'cawfree' (Daniel Von Fange) identifies the arbitrary external call vulnerability in Seneca's Chamber contract during a Sherlock competitive audit contest.","source":""},{"date":"2023-11-15","event":"Seneca abruptly cancels the Sherlock audit contest, citing 'potential code licensing issues,' and announces a launch in five days without addressing the identified vulnerability.","source":""},{"date":"2023-11-20","event":"Seneca Protocol launches on Ethereum and Arbitrum with the known vulnerability present in deployed contracts.","source":""},{"date":"2023-12","event":"Halborn Security completes an audit of Seneca's contracts. The arbitrary call vulnerability is not flagged. The protocol continues operating.","source":""},{"date":"2024-02-28","event":"Attacker exploits the Chamber contract's performOperations function, draining approximately $6.4 million (1,900+ ETH and 50,000 senUSD) from user wallets across Ethereum and Arbitrum.","source":""},{"date":"2024-02-28","event":"Seneca team acknowledges the exploit, instructs users to revoke token approvals, and notes that contracts cannot be paused. Team begins deleting exploit-related messages from Discord and bans users discussing the incident.","source":""},{"date":"2024-02-28","event":"Seneca sends an on-chain message to the attacker offering a 20% bounty (approximately $1.28 million) in exchange for return of 80% of funds and no legal action.","source":""},{"date":"2024-02-29","event":"Attacker returns approximately 1,537 ETH (~$5.3 million) to Seneca's Gnosis Safe address, accepting the bounty proposal. The attacker retains approximately 300 ETH (~$1 million).","source":""},{"date":"2024-02-29","event":"SEN token price drops 65–80% from pre-exploit levels following public disclosure of the exploit.","source":""}]},"v":1}