The unknown hacker carried out the exploit at 07:40 AM UTC and netted about 3,540 ether ($10 million), according to on-chain data.
Saddle Finance confirmed the incident, saying its team was investigating a "possible exploit."
A smart contract audit firm called BlockSec was the first to notice the exploit and notified Saddle. BlockSec was able to rescue $3.8 million from the exploiters with an internal system that can detect and front-run hacking incidents using off-chain arbitrage bots called flashbots.
"The project was taken for around 4,900 ether ($13.8 million). Among them, 1,360 ether ($3.8 million) was rescued by us," BlockSecTeam told The Block on Twitter.
Still, the hacker made off with more than $10 million in ETH from Saddle’s liquidity pools. Saddle Finance said it was in the process of recovering the $3.8 million from BlockSec.