Decentralized lending protocol Abracadabra.Cash has suffered one other devastating safety breach, ensuing within the lack of roughly $13 million value of Ether (ETH).
The exploit, which was detected on March 25 by blockchain safety agency PeckShield, particularly focused swimming pools using GMX tokens.
.@GMX_IO @MIM_Spell associated contracts have been hacked for ~6,260 ETH (value ~$13M) pic.twitter.com/LZzMADWB3n
— PeckShield Inc. (@peckshield) March 25, 2025
This marks the second important assault on the platform this yr, following a $6.49 million breach in January that led to the depegging of its Magic Web Cash (MIM) stablecoin.
The current incident noticed malicious actors draining 6,260 ETH by exploiting vulnerabilities in Abracadabra’s good contract infrastructure.
Whereas the assault unfold FUD (Concern, Uncertainty, & Doubt), the decentralized alternate was fast to distance itself, emphasizing that its contracts had been unaffected and that the exploit was remoted to Abracadabra’s cauldrons.
As investigations proceed, the stolen funds have been traced transferring by Twister Money earlier than being bridged from Arbitrum to Ethereum.
GMX Denies Contract Vulnerability as Investigation Unfolds
As information of the assault broke, hypothesis arose relating to GMX’s involvement for the reason that affected cauldrons relied on GM tokens.
Nevertheless, in an official assertion, GMX asserted that its contracts remained safe, with a pseudonymous consultant reiterating, “GMX contracts are usually not affected.”
Necessary safety discover:
There seems to have been an exploit associated to Abracadabra/Spell's cauldrons that utilise GM tokens, as famous by PeckShield and different safety specialists monitoring the blockchain.
To make clear, no points have been recognized with GMX contracts, and…— GMX
(@GMX_IO) March 25, 2025
As an alternative, the difficulty stemmed solely from Abracadabra’s lending swimming pools, which enabled borrowing in opposition to GM liquidity tokens.
GMX Market (GM) tokens play an necessary position within the decentralized alternate’s ecosystem, producing charges from swaps and leveraged buying and selling.
The cauldrons in Abracadabra’s lending protocol, which facilitate collateralized borrowing, had been structured round these GM tokens.
The breach exploited a vulnerability in these good contracts, permitting the attackers to steal funds with out impacting GMX’s core infrastructure.
Abracadabra has since halted all borrowing throughout its cauldrons whereas its core contributors and exterior safety specialists, together with Guardian Audits, work to evaluate the total scope of the harm.
The platform has additionally contacted the attacker, providing a 20% bug bounty as an incentive to return the stolen funds.
Whereas safety corporations like Chainalysis have been enlisted to trace the motion of the stolen ETH, the funds have already been obfuscated by Twister Money and consolidated into a number of addresses on Ethereum.
A Sample of Exploits Amin Rising Theft
This newest exploit follows a equally damaging assault on Abracadabra Cash on January 30. The protocol misplaced $6.49 million on account of vulnerabilities in its Ethereum-based cauldrons.
The incident led to MIM shedding its peg to the U.S. greenback, dropping as little as $0.77 earlier than recovering.
The January breach was attributed to a rounding difficulty that allowed an attacker to control the “userBorrowPart()” operate, repeatedly borrowing and repaying loans to empty funds.
The repercussions of those assaults have raised severe issues about Abracadabra’s safety infrastructure, significantly on condition that Guardian Audits had audited its cauldrons.
Regardless of these precautions, the newest assault signifies that present safety measures had been inadequate to forestall additional breaches.
Abracadabra has assured its customers {that a} full autopsy report shall be launched as soon as the investigations conclude.
Notably, this newest assault isn’t the one one this month. In accordance with a March 19 report, a classy hacker assault on the AI-powered crypto buying and selling bot AIXBT resulted within the theft of 55.5 ETH (roughly $106,200) after the attacker infiltrated the system’s safe dashboard.
Investigation report
At 2AM UTC, a hacker accessed a safe dashboard for @aixbt_agent autonomous system, queuing 2 malicious replies that led to 55 eth taken from a simulacrum pockets. These funds don’t have an effect on core programs or growth, no affect on us.
Reiterating that this…— rxbt
(@0rxbt) March 18, 2025
The breach allowed the hacker to queue fraudulent prompts, instructing the AI agent to switch funds.
Whereas AIXBT’s maintainers reassured customers that the AI itself was not compromised, the incident led to instant safety upgrades, together with server migrations and key swaps.
The assault additionally prompted AIXBT’s related token on Base to drop 15.5% earlier than a slight restoration.
With the rising prevalence of refined exploits within the DeFi area, platforms and protocols are urged to implement stricter safety measures to make sure customers’ funds are at all times secure.
The publish Abracadabra.Cash Loses $13M in ETH to Safety Breach, Following $6.49M January Hack appeared first on Cryptonews.