Abracadabra.Money Hit by $13 Million Exploit Amid GMX Integration Breach

• $13 million in Ethereum stolen from Abracadabra.Money’s GMX-integrated pools.
• GMX’s core contracts remain secure, limiting the exploit to Abracadabra’s cauldrons.
• Stolen funds moved from Arbitrum to Ethereum, dispersed across three addresses.

A massive security failure resulted in digital thieves obtaining approximately $13 million from decentralized finance operations. On March 25 PeckShield reported that attackers had struck Abracadabra.Money smart contracts alongside their GMX V2 integration during a network breach. The thieves transferred money through Arbitrum while moving the stolen 6,260 Ethereum (ETH) from the network to Ethereum via a blockchain bridge.

Source; Peckshield

The Impact on GMX and Abracadabra

Abracadabra.Money is a DeFi platform specializing in lending and borrowing and was the prominent protocol in the hack. Its protocol was hacked in Abracadabra’s “cauldrons,” smart contracts designed to facilitate DeFi activities including lending and liquidity provision. These cauldrons rely on GMX’s V2 liquidity pools, which were used in this instance, compromising the integration.

GMX’s core contracts initially experienced challenges yet GMX clarified this situation through one of its representatives. GMX communications contributor Jonezee assured the community about the safety of GMX contracts. Jonezee clarified that the breach affected only Abracadabra’s GMX V2 pools and did not impact the GMX platform. The released statement intended to reassure users regarding GMX’s general security framework.

Exploit Methodology and Stolen Funds Movement

Crypto forensics firm AMLBot provided insight into the mechanics of the hack. According to their investigation, the hacker funded an address using the Tornado Cash cryptocurrency mixer before the attack. The stolen Ethereum was then moved through the Arbitrum network and bridged to Ethereum. The stolen funds were subsequently distributed across three separate addresses.

Source: AMLBot

The breach at Abracadabra.Money only affected their smart contracts, but general concerns exist about security within integrated DeFi protocols. Abracadabra.Money experienced a security breach shortly after losing $6.49 million through a similar incident while its Magic Internet Money (MIM) stablecoin lost its peg to the US dollar.

After the breach the Abracadabra.Money team declared their commitment to investigating the incident. GMX users received confirmation that its contracts remained free from any issues. DeFi platforms are exposed to attack vulnerabilities mainly when working with multiple protocols. The investigation teams from GMX, alongside Abracadabra are dedicated to detecting the breach source while building prevention measures for future attacks.