Saddle Finance Hacked in a Furry of Transactions
Saddle Finance is a decentralized exchange focused on automatic market making on the Ethereum blockchain, for swapping low-slippage pegged assets such as tokenized BTC.
According to the team at PeckShield Inc., Saddle Finance was exploited in a flurry of transactions, thus resulting in the loss. They also added that the procedure used by the hackers looked familiar, and the initial funds used in the hack were withdrawn for Tornado Cash. They explained.
The hack is made possible due to the wrong MetaSwapUtils lib is used for calculating the swap. The latest code is deployed in 0x824dcd7b044d60df2e89b1bb888e66d8bcf41491, but the old lib 0x88cc4aa0dd6cf126b00c012dda9f6f4fd9388b17 is used. Did that ring a bell?
The initial fund (1 ETH) to launch the hack is withdrawn from @TornadoCash. Currently 3,633 ETHs of the illicit gains still stay in the hacker’s account and 300 ETHs have been deposited to Tornado Cash
Block Sec Team Saved $3.8 Million (1,360 ETH)
However, the exploit could have been worth $13.8 million were it not for the team at Block Sec, rescuing 1,360 Ethereum worth $3.8 million from the hackers.
They achieved this by using an internal system that can detect and front-run hacking incidents using off-chain arbitrage bots called flashbots. The Block Sec Team has since reached out to Saddle Finance to return the rescued Ethereum funds to the project.
[Feature image courtesy of Saddle Finance]
Source: Read Full Article