Cyber Incident Victim: Saddle Finance
Date: Apr 2022
Location: United States of America
Summary
Two decentralized finance platforms were drained within about 24 hours for combined losses of roughly $90 million, of which Saddle Finance lost approximately $10.3 million. The larger, concurrent attack on Rari Capital exploited a reentrancy flaw in its lending market creator: the attacker's contract was called back during a withdrawal and re-entered the vulnerable function, withdrawing repeatedly before the contract had updated its balances. Saddle Finance did not disclose the technical cause of its own loss. BlockSec recovered $3.8 million for Saddle Finance, while 3,633 ETH remained under the attacker's control and about 300 ETH ($850,000 at the time) was sent to the Tornado Cash mixer. Saddle Finance attempted to negotiate a bounty with the attacker, kept its stablecoin trading services running, and planned to put a user-reimbursement methodology to a community vote.
Description
On or around April 29, 2022, decentralized finance platform Saddle Finance suffered a security breach resulting in the theft of approximately $10.3 million worth of cryptocurrency. The incident occurred concurrently with a separate attack on Rari Capital, which lost $80 million, bringing the combined losses to $90 million. Saddle Finance publicly confirmed the theft on April 30, acknowledging the unauthorized withdrawal of funds from its platform. Blockchain security firm BlockSec intervened during the incident, successfully recovering $3.8 million of the stolen assets and returning them to Saddle Finance. The platform attempted to negotiate with the attacker by offering a bounty for the remaining funds but did not disclose whether this offer was accepted.

Following the breach, Saddle Finance initiated a reimbursement planning process for affected users, announcing its intention to put the compensation methodology to a community vote. Blockchain analytics firm PeckShield reported that 3,633 ETH (Ethereum) stolen during the attack remained in the attacker's control, while approximately 300 ETH ($850,000 at the time) had been transferred to Tornado Cash, a cryptocurrency mixing service designed to obscure transaction trails. The platform did not publicly specify the technical cause of the breach or whether vulnerabilities were patched post-incident. Saddle Finance's stablecoin trading services, which allow users to exchange cryptocurrencies pegged to fiat values, remained operational during the response period. The incident marked the second major DeFi breach within 24 hours, following Rari Capital's $80 million loss through a separate reentrancy attack vector.
