DeFi platform Abracadabra. money hit by hackers for the third time, losing $20M+ in total
Some crypto platforms are becoming lucrative sources of criminal income for hackers, with one popular decentralized finance (DeFi) platform being exploited for the third time in two years. It has lost tokens worth tens of millions of USD.
Today, DeFi platform Abracadabra.money confirmed that the most recent attack, which occurred this past Saturday, cost the team around $1.7 million.
It said that the threat actor exploited a security vulnerability in some deprecated cauldrons, or Abracadabra's token pools, on the Ethereum (ETH) mainnet and managed to mint 1.79 million of the Magic Internet Money (MIM) stablecoin.
However, the treasury of the decentralized autonomous organization (DAO) that oversees the project said it bought back the entire amount of MIM from the market, "completely reversing the effect of the attack."
Despite the exploit, the stablecoin traded near USD $1 throughout the weekend.
The team behind the project also claims that no users’ funds were lost and that "cauldron borrowing is currently disabled as we review the current codebase for the future upcoming deployments."
Abracadabra is also seeking information that could help identify the hacker and is promising rewards through its bug bounty program.
The team's official statement was made only today, despite the crypto security platform BlockSec Phalcon reporting the attack on Saturday.
"The root cause stems from the flawed implementation logic of the cook function, which allows users to execute multiple predefined operations in a single transaction," the platform said.
The Abracadabra platform has already been exploited at least three times since January 2024, when criminals stole around $6 million worth of tokens from the platform. Meanwhile, as reported by Cybernews.com, in March 2025, the same platform lost around $13 million worth of ETH.
Abracadabra.money uses interest-bearing tokens as collateral to mint MIM. According to its data, more than $152 million worth of tokens are "locked" or employed on the platform at the time of writing.
Unlock more exclusive Cybernews content on YouTube.
