Decentralized lending protocol Abracadabra.Money has suffered another devastating security breach, resulting in the loss of approximately $13 million worth of Ether (ETH).
The exploit, which was detected on March 25 by blockchain security firm PeckShield, specifically targeted pools using GMX tokens.
.@GMX_IO @MIM_Spell associated contracts have been hacked for ~6,260 ETH (worth ~$13M) pic.twitter.com/LZzMADWB3n
— PeckShield Inc. (@peckshield) March 25, 2025
This marks the second significant attack on the platform this year, following a $6.49 million breach in January that led to the depegging of its Magic Internet Money (MIM) stablecoin.
The latest incident saw malicious actors draining 6,260 ETH by exploiting vulnerabilities in Abracadabra’s smart contract infrastructure.
While the attack spread FUD (Fear, Uncertainty, & Doubt), the decentralized exchange GMX was quick to distance itself, emphasizing that its contracts were unaffected and that the exploit was isolated to Abracadabra’s cauldrons.
As investigations continue, the stolen funds have been traced moving through Tornado Cash before being bridged from Arbitrum to Ethereum.
GMX Denies Contract Vulnerability as Investigation Unfolds
As news of the attack broke, speculation arose regarding GMX’s involvement, since the affected cauldrons relied on GM tokens.
However, in an official statement, GMX asserted that its contracts remained secure, with a pseudonymous representative reiterating, “GMX contracts are not affected.”
Important security notice:
There appears to have been an exploit related to Abracadabra/Spell's cauldrons that utilise GM tokens, as noted by PeckShield and other security specialists monitoring the blockchain.
To clarify, no issues have been identified with GMX contracts, and…
— GMX (@GMX_IO) March 25, 2025
Instead, the issue stemmed solely from Abracadabra’s lending pools, which enabled borrowing against GM liquidity tokens.
GMX Market (GM) tokens play an important role in the decentralized exchange’s ecosystem, generating fees from swaps and leveraged trading.
The cauldrons in Abracadabra’s lending protocol, which facilitate collateralized borrowing, were structured around these GM tokens.
The breach exploited a vulnerability in these smart contracts, allowing the attackers to steal funds without impacting GMX’s core infrastructure.
Abracadabra has since halted all borrowing across its cauldrons while its core contributors and external security experts, including Guardian Audits, work to assess the full scope of the damage.
The platform has also contacted the attacker, offering a 20% bug bounty as an incentive to return the stolen funds.
While security firms like Chainalysis have been enlisted to track the movement of the stolen ETH, the funds have already been obfuscated through Tornado Cash and consolidated into a number of addresses on Ethereum.
A Pattern of Exploits Amid Rising Theft
This latest exploit follows a similarly damaging attack on Abracadabra.Money on January 30. The protocol lost $6.49 million due to vulnerabilities in its Ethereum-based cauldrons.
The incident led to MIM losing its peg to the U.S. dollar, dropping as low as $0.77 before recovering.
The January breach was attributed to a rounding issue that allowed an attacker to manipulate the “userBorrowPart()” function, repeatedly borrowing and repaying loans to drain funds.
The repercussions of these attacks have raised serious concerns about Abracadabra’s security infrastructure, particularly given that Guardian Audits had audited its cauldrons.
Despite these precautions, the latest attack indicates that existing security measures were insufficient to prevent further breaches.
Abracadabra has assured its users that a full post-mortem report will be released once the investigations conclude.
Notably, this latest attack is not the only one this month. According to a March 19 report, a sophisticated hacker attack on the AI-powered crypto trading bot AIXBT resulted in the theft of 55.5 ETH (approximately $106,200) after the attacker infiltrated the system’s secure dashboard.
Investigation report
At 2AM UTC, a hacker accessed a secure dashboard for @aixbt_agent autonomous system, queuing 2 malicious replies that led to 55 eth taken from a simulacrum wallet. These funds don’t affect core systems or development, no impact on us.
Reiterating that this…
— rxbt (@0rxbt) March 18, 2025
The breach allowed the hacker to queue fraudulent prompts, instructing the AI agent to transfer funds.
While AIXBT’s maintainers reassured users that the AI itself was not compromised, the incident led to immediate security upgrades, including server migrations and key swaps.
The attack also caused AIXBT’s associated token on Base to drop 15.5% before a slight recovery.
With the growing prevalence of sophisticated exploits in the DeFi space, platforms and protocols are urged to implement stricter security measures to ensure users’ funds are always protected.
The post Abracadabra.Money Loses $13M in ETH to Security Breach, Following $6.49M January Hack appeared first on Cryptonews.