Hacker Exploits Smart Contracts Vulnerability, Steals $13 Million in Ethereum
25.03.2025 20:15 1 min. read Alexander Stefanov
A security flaw in Abracadabra’s smart contracts has led to a major exploit, with a hacker draining around 6,262 ETH—valued at roughly $13 million—from the protocol’s liquidity pools.
The attack, identified as a flash loan exploit, was initially flagged by blockchain security firm PeckShield.
Abracadabra’s lending system, known as “cauldrons,” integrates with GMX liquidity pools to facilitate borrowing and lending. The hacker reportedly manipulated the liquidation process in the GMX V2 integration, exploiting a weakness that allowed them to extract funds from the protocol.
Blockchain researcher Weilin Li analyzed the incident, noting that the attacker used a flash loan to trigger self-liquidation. Flash loans, a DeFi feature allowing users to borrow funds without collateral as long as they are repaid within the same transaction block, played a key role in the exploit.
The attacker borrowed Abracadabra’s stablecoin, Magic Internet Money (MIM), and executed a multi-step strategy to convert the debt into cash, profiting from liquidation incentives.
Despite the breach, a GMX developer confirmed that the attack did not compromise GMX’s core contracts. The stolen funds were later transferred from Arbitrum to Ethereum.
This isn’t the first security incident for Abracadabra. In January 2024, another exploit targeting its MIM stablecoin led to a $6.5 million loss, raising concerns over the protocol’s ongoing vulnerabilities.
-
1
DeFi Protocol Loopscale Hit by Exploit, Pauses Key Functions
27.04.2025 17:30 2 min. read -
2
Celsius CEO Sentenced to 12 Years Over $5 Billion Crypto Scandal
09.05.2025 10:00 2 min. read -
3
Mango Markets Hacker Sentenced for Separate Criminal Charges
03.05.2025 11:00 1 min. read -
4
North Korean Agent Exposed in Crypto Job Scam at Kraken
04.05.2025 20:00 2 min. read -
5
ZachXBT Helps Freeze $7M After $330M Bitcoin Theft From Elderly Holder
05.05.2025 16:00 1 min. read
Celsius CEO Sentenced to 12 Years Over $5 Billion Crypto Scandal
A major chapter in crypto’s legal reckoning closed this week as Alex Mashinsky, once a prominent name in digital lending, received a 12-year prison sentence.
Alex Mashinsky Seeks One-Year Sentence as DOJ Pushes for 20 Years
Former Celsius CEO Alex Mashinsky is asking for a significantly reduced prison sentence ahead of his May 8 sentencing, with his legal team pushing back hard against the U.S. Department of Justice’s call for a 20-year term.
Samourai Wallet Case Faces Scrutiny After Allegations of Withheld Evidence
The legal battle against the creators of Samourai Wallet has taken a sharp turn, as defense attorneys accuse federal prosecutors of suppressing a key legal interpretation from the Treasury Department that could dismantle the core of the government’s case.
ZachXBT Helps Freeze $7M After $330M Bitcoin Theft From Elderly Holder
A decades-long Bitcoin holder has reportedly lost over $300 million in a devastating crypto theft — one of the largest in recent memory.
-
1
DeFi Protocol Loopscale Hit by Exploit, Pauses Key Functions
27.04.2025 17:30 2 min. read -
2
Celsius CEO Sentenced to 12 Years Over $5 Billion Crypto Scandal
09.05.2025 10:00 2 min. read -
3
Mango Markets Hacker Sentenced for Separate Criminal Charges
03.05.2025 11:00 1 min. read -
4
North Korean Agent Exposed in Crypto Job Scam at Kraken
04.05.2025 20:00 2 min. read -
5
ZachXBT Helps Freeze $7M After $330M Bitcoin Theft From Elderly Holder
05.05.2025 16:00 1 min. read