Hacker behind Seneca Protocol breach relinquishes $5.3m out of the $6.4m stolen funds.
The mastermind behind the Seneca Protocol hack has returned $5.3 million worth of Ethereum (ETH) to the Seneca team shortly after stealing $6.4 million in a security validation exploit.
According to a recent disclosure from Peck Shield, a blockchain security firm, the hacker performed a precise transfer of 1,537 ETH to a Seneca address. On-chain data supports this claim, showing that the transaction was carried out through three separate transactions.
The hacker initially stole 1,907 ETH during the breach on February 28, as reported by crypto.news. The hack resulted in a significant 65% drop in the price of SEN and took advantage of a vulnerability within a function of the Seneca smart contract.
Notably, the function lacked proper input validation, allowing anyone to initiate external calls. The hacker first diverted 907 ETH, valued at $3 million, before stealing 1,000 ETH tokens and distributing them equally to two newly created external wallets.
Shortly after the exploit, the Seneca team appealed to the hacker to return the funds to a newly activated address. Despite ongoing collaboration with law enforcement, they promised not to pursue legal action if the hacker returned 80% of the funds and kept 20% as a reward.
Interestingly, a few hours after transferring the 1,000 ETH to the new wallets, the exploiter returned all the tokens to the new Seneca address. This restitution was done through two separate transactions, each amounting to 500 ETH, executed at 5:09 (UTC) on February 29 from the external wallets.
Just two minutes after sending 1,000 ETH to Seneca, the hacker transferred 537 ETH, worth $1.86 million, to the same Seneca address. The recipient address for these transfers was activated by the Seneca team on February 29 and currently holds all the returned funds.
Following the transfer of the 1,537 ETH to the Seneca address, the primary address involved in the exploit then proceeded to move 300 ETH, equivalent to $1.03 million, through two transactions to two different new external wallets. This transaction could potentially represent the hacker’s reward.
