Hackers have exploited vulnerabilities in another decentralized finance (DeFi) protocol, this time netting around $13 million worth of Ethereum (ETH).
Crypto security specialists raised the alarm, saying that DeFi lending platform Abracadabra.money lost around 6,260 ETH on Tuesday. The team behind the project confirmed the exploit, while the full damage of the attack was still unknown at the time of its post on the X platform.
While official details about the hack are scarce, it is estimated that the hacker exploited vulnerabilities in the protocol's smart contracts, which allowed them to steal tokens from Abracadabra's pools. The latter, called "cauldrons," are related to crypto exchange GMX's liquidity pools used for loans. However, GMX claims that its "smart contracts remain safe and unaffected."
"While having multiple systems in place, the exploit was caught only after the attacker executed several transactions. The Zeroshadow team alerted us, and we quickly turned off all borrows to all cauldrons," Abracadabra explained, noting that no user collateral is affected, an investigation is ongoing, and analysts are tracking the stolen funds.
The stolen tokens were bridged, or sent, from the Arbitrum blockchain to the Ethereum blockchain and were held in three addresses.
Meanwhile, the team behind Abracadabra has offered the hacker a 20% bug bounty, encouraging them to reach out and negotiate.
The platform's smart contracts were also compromised in January 2024, leading to a $6.5 million exploit.
Abracadabra.money uses interest-bearing tokens as collateral to mint Magic Internet Money, a USD-denominated stablecoin. According to their data, more than $162 million worth of tokens are "locked" or employed on this platform at the time of writing.
Your email address will not be published. Required fields are markedmarked