The hacker exploited a flaw in the protocol’s smart contracts, draining approximately 6,262 ETH from the liquidity pools.
The stolen funds were later bridged from Arbitrum to Ethereum, intensifying the gravity of the attack.
Hacker Uses Flash Loan to Steal Funds from Abracadabra
According to security firm Peckshield, the theft primarily affected Abracadabra’s “cauldrons,” smart contracts that facilitate decentralized lending and borrowing through decentralized exchange GMX liquidity pools.
The hack appears to have involved a flash loan attack, a DeFi technique in which a user borrows funds without collateral and repays them within the same transaction block. Crypto researcher William Li explained that the attacker used a seven-step process to manipulate the liquidation process within Abracadabra’s cauldrons, which are based on GMX V2’s GM pools.
An initial analysis of the @MIM_Spell attack
The CauldronV4 contract allows a user to perform multiple actions while the solvency check is at the end of all actions. (P1)
The user made 7 actions (P2), where:
– 5 = borrow MIM
– 30 = call attack contract
– 31 = liquidation
— Weilin (William) Li (@hklst4r) March 25, 2025
In a unique twist, the attacker liquidated themselves in a “flashloan state,” where the borrower had no collateral to back the loan. The attacker profited from the liquidation incentives when the position was cleared.
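The pattern described above (borrow, external call, then self-liquidation, all before the end-of-batch solvency check) can be screened for by a monitor or pre-execution guard. The following is an added example, not code from the article, Abracadabra, or GMX; the action codes 5, 30 and 31 come from the analysis quoted above, while the `Action` fields, addresses and severity labels are assumptions made for illustration.

```python
from dataclasses import dataclass

# Action codes as quoted in the analysis above.
BORROW, CALL, LIQUIDATE = 5, 30, 31


@dataclass(frozen=True)
class Action:
    code: int
    target: str = ""  # hypothetical field: account liquidated or contract called


def review_batch(caller, actions):
    """Return (index, severity, message) for states that only exist because
    solvency is verified after the last action instead of after each one."""
    findings = []
    unchecked_debt = False  # caller borrowed; no solvency check has run yet
    left_contract = False   # an external call ran while that debt was unchecked
    for i, act in enumerate(actions):
        if act.code == BORROW:
            unchecked_debt = True
        elif act.code == CALL and unchecked_debt:
            left_contract = True
            findings.append(
                (i, "medium", f"external call to {act.target} while debt is unchecked"))
        elif act.code == LIQUIDATE and unchecked_debt and act.target == caller:
            sev = "critical" if left_contract else "high"
            findings.append(
                (i, sev, "caller liquidates own position before the solvency check"))
    return findings


def should_block(caller, actions):
    """Policy for a guard or monitor: block on high or critical findings."""
    return any(sev in ("high", "critical")
               for _, sev, _ in review_batch(caller, actions))


# Constructed batches (not the real transaction's calldata).
SUSPICIOUS = [Action(BORROW), Action(CALL, "0xHelper"), Action(LIQUIDATE, "0xCaller")]
ORDINARY_BORROW = [Action(BORROW)]
THIRD_PARTY_LIQUIDATION = [Action(LIQUIDATE, "0xOther")]

if __name__ == "__main__":
    for name, batch in [("suspicious", SUSPICIOUS), ("borrow", ORDINARY_BORROW),
                        ("liquidation", THIRD_PARTY_LIQUIDATION)]:
        print(name, should_block("0xCaller", batch), review_batch("0xCaller", batch))
```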
GMX Clarifies Core Contracts Unaffected by Abracadabra Hack
While the vulnerability was linked to the integration of Abracadabra’s cauldrons with GMX V2’s GM pools, GMX developers clarified that their core contracts were not affected. “To clarify, GMX contracts are not affected,” said GMX developer Jonas_ALA on X. He noted that the issue stemmed from Spell’s cauldrons, which operate using GMX V2’s liquidity pools. The developers are investigating the root cause of the issue, but it has left many in the DeFi space concerned.
Following a thorough investigation into the Abracadabra exploit together with GMX’s security partners, we can affirm that GMX’s smart contracts remain safe and unaffected.
Users can continue to feel secure trading, earning, and providing liquidity on GMX. https://t.co/YYfq7yTdYU
— GMX (@GMX_IO) March 25, 2025
This incident has raised alarm bells about the potential risks in decentralized finance protocols, where smart contract vulnerabilities can lead to significant financial losses. It’s a reminder that, in the fast-paced world of crypto, one can never be too careful. As of now, the stolen funds have been moved across the blockchain, but the incident is still under investigation.
The post Hacker Exploits Vulnerability to Steal $13M from Abracadabra appeared first on Altcoin Buzz.