A safety flaw in Abracadabra’s sensible contracts has led to a serious exploit, with a hacker draining round 6,262 ETH—valued at roughly $13 million—from the protocol’s liquidity swimming pools.
The assault, recognized as a flash mortgage exploit, was initially flagged by blockchain safety agency PeckShield.
Abracadabra’s lending system, generally known as “cauldrons,” integrates with GMX liquidity swimming pools to facilitate borrowing and lending. The hacker reportedly manipulated the liquidation course of within the GMX V2 integration, exploiting a weak point that allowed them to extract funds from the protocol.
Blockchain researcher Weilin Li analyzed the incident, noting that the attacker used a flash mortgage to set off self-liquidation. Flash loans, a DeFi function permitting customers to borrow funds with out collateral so long as they’re repaid throughout the identical transaction block, performed a key position within the exploit.
The attacker borrowed Abracadabra’s stablecoin, Magic Web Cash (MIM), and executed a multi-step technique to convert the debt into money, making the most of liquidation incentives.
Regardless of the breach, a GMX developer confirmed that the assault didn’t compromise GMX’s core contracts. The stolen funds have been later transferred from Arbitrum to Ethereum.
This isn’t the primary safety incident for Abracadabra. In January 2024, one other exploit focusing on its MIM stablecoin led to a $6.5 million loss, elevating issues over the protocol’s ongoing vulnerabilities.
