Blockchain Security Breach at Abracadabra’s MIM_Spell

Blockchain security firm Cyvers has reported a significant security breach affecting DeFi platform Abracadabra’s MIM_Spell platform.

The attack resulted in the loss of 6,262 ETH, approximately $12.9 million.

According to Cyvers, the attacker swiftly bridged the stolen ETH to the Ethereum network and redistributed the funds across three newly created wallets.

MIM Confirms the Breach

On March 25, MIM confirmed the exploit in an official statement but did not divulge the total amount stolen. The exploit targeted its gmCauldron smart contracts, which had passed audits conducted by Guardian Audits, the team that reviewed GMX’s core infrastructure.

MIM highlighted that additional security measures were integrated, including collaborations with Hexagate and ZeroShadow’s threat-tracking system. Despite these precautions, the exploit went undetected until several transactions had already occurred. ZeroShadow eventually identified the unusual activity, prompting Abracadabra to halt all borrowing functionalities tied to the affected contracts.

While MIM emphasized that no user collateral was compromised, it stated that its internal teams are still evaluating the complete impact of the breach.

MIM announced:

> “To the hacker, we are happy to entertain negotiations for a bug bounty of 20% of the total. Reach out at [email protected] or on-chain to our treasury address on ETH 0xDF2C270f610Dc35d8fFDA5B453E74db5471E126B.”

Although there were initial indications that the incident might also affect GMX’s platform, GMX clarified that its smart contracts remain intact.

According to GMX, the exploit is confined to Abracadabra’s cauldrons, which facilitate borrowing against GM liquidity tokens. GMX stated:

> “We believe the issue relates solely to the Abracadabra/Spell cauldrons. These cauldrons allow for borrowing against specific GM liquidity tokens. Contributors from Spell, GMX, and security researchers are currently investigating the cause of the issue.”

Despite GMX distancing itself from the incident, the platform’s native token experienced a drop, falling nearly 5% from $14.74 to $13.74 before slightly recovering to around $14.13 at the time of reporting.