A bug in Seneca Protocol’s smart contract has allowed attackers to steal funds from users who had approved the contract. So far, around $3 million has been stolen across the Ethereum blockchain and Arbitrum layer-2.Making things worse, although the project’s smart contract inherits the Pausable module that should allow the Seneca team to halt the malfunctioning code, they never implemented the function, meaning there’s no way for them to stop the thefts. Instead, individual users must each revoke access to the flawed contract.

Total loss estimated at $1,200,000.