Advertising revenue keep this site going. We do not actively endorse ads served to us.
DYOR. Please use your due diligence while on this site.
We also do not get information from our visitors.
cryptocurrency April 30, 2022

Saddle Finance Loses More than $10M in Ethereum to DeFi Hackers 2

Advertisements

Quick take:

  • DeFi hackers have made off with over $10 million in Ethereum (3,540 ETH) from Saddle Finance
  • The loss could have been higher, but white hat hackers from Block Sec Team rescued $3.8 million worth of Ethereum (1,360 ETH)
  • The team at Saddle Finance has confirmed the hack
  • Block Sec is in the process of returning the rescued Ethereum to Saddle Finance

In yet another case of a DeFi exploit, Saddle Finance has lost 3,540 Ethereum (ETH) worth over $10 million to hackers. The team at Saddle Finance has confirmed the exploit via Twitter and gone ahead to pause metapools and restrict single-asset withdrawals.

Saddle Finance Hacked in a Furry of Transactions

Saddle Finance is a decentralized exchange focused on automatic market making on the Ethereum blockchain, for swapping low-slippage pegged assets such as tokenized BTC.

Advertisements

According to the team at PeckShield Inc., Saddle Finance was exploited in a flurry of transactions, thus resulting in the loss. They also added that the procedure used by the hackers looked familiar, and the initial funds used in the hack were withdrawn for Tornado Cash. They explained.

The hack is made possible due to the wrong MetaSwapUtils lib is used for calculating the swap. The latest code is deployed in 0x824dcd7b044d60df2e89b1bb888e66d8bcf41491, but the old lib 0x88cc4aa0dd6cf126b00c012dda9f6f4fd9388b17 is used. Did that ring a bell?

The initial fund (1 ETH) to launch the hack is withdrawn from @TornadoCash. Currently 3,633 ETHs of the illicit gains still stay in the hacker’s account and 300 ETHs have been deposited to Tornado Cash

Block Sec Team Saved $3.8 Million (1,360 ETH)

However, the exploit could have been worth $13.8 million were it not for the team at Block Sec, rescuing 1,360 Ethereum worth $3.8 million from the hackers.

They achieved this by using an internal system that can detect and front-run hacking incidents using off-chain arbitrage bots called flashbots. The Block Sec Team has since reached out to Saddle Finance to return the rescued Ethereum funds to the project.

[Feature image courtesy of Saddle Finance]