Decentralized lending platform Abracadabra.Finance suffered an assault that drained $13 million price of cryptocurrency from swimming pools tied to GMX liquidity tokens.
Blockchain safety agency PeckShield flagged that contracts involving decentralized trade GMX and Abracadabra have been compromised, resulting in the theft of 6,260 ETH, price round $12.98 million on the time of writing.
The exploit centered on so-called “cauldrons,” remoted lending markets in Abracadabra the place customers can borrow towards crypto collateral. These explicit cauldrons relied on GM tokens, which signify liquidity positions in GMX, a decentralized trade platform.
GMX distanced itself from the incident. In a submit on X, an account related to the trade stated that GMX’s contracts themselves have been unaffected. The group later stated the breach was “solely associated to the Abracadabra/Spell cauldrons,” which used GM tokens as collateral however didn’t contain GMX’s core infrastructure.
In an announcement on X, Abracadabra confirmed the exploit and stated core contributors and engineers have been investigating the incident to its “totally audited” cauldron. The protocol famous that gmCauldrons had been audited by Guardian Audits — the identical agency that audited GMX contracts — and have been a part of a broader safety infrastructure involving monitoring and response instruments.
The protocol supplied the attacker a 20% bug bounty and invited them to barter by way of electronic mail or an on-chain message.
Abracadabra is working with Guardian and GMX in addition to different safety companions in assessing the extent of the harm and the way the assault was executed. A full autopsy will observe as soon as the investigation concludes, and no consumer collateral was affected, it stated.
Final yr Abracadabra.Finance suffered a $6.49 million exploit that prompted its Magic Web Cash (MIM) stablecoin to lose its peg to the U.S. greenback.