Decentralized crypto lending platform Abracadabra.money was hit by an exploit on Tuesday, resulting in a $6.5 million loss to the protocol.
The exploit was flagged by blockchain security firm PeckShield, which noted that the attacker funded the exploit with 1 ETH from Tornado Cash.
The initial loss for @MIM_Spell is ~$6.5M, comprising 2.74K $ETH.
The exploiter initially funded the attack with 1 $ETH from #TornadoCash. pic.twitter.com/lPENOLZA2I— PeckShield Inc. (@peckshield) January 30, 2024
Magic Internet Money (MIM), the stablecoin tied to the protocol flash crashed to $0.76 after the exploit. At the time of writing, the stablecoin was still trading below its U.S. dollar-peg at around $0.98.
The attacker managed to trick certain Abracadabra’s isolated lending pools on Ethereum, called “cauldrons,” and used a nested series of smart contracts to loop the Abracadabra Degenbox’s “borrow” and “repay” functions, according to analysis from Arkham.
The hacker swapped $7M of MIM for a total of $6.3M in ETH, incurring around 10% slippage when they dumped it on Curve.
They’re now holding the ETH in two addresses:
0x40d5FFA20fC0dF6bE4D9991938dAa54E6919c714 ($4.15M ETH)
0xbD12D6054827ae3fc6D23B1aCf47736691b52Fd3 ($2.16M ETH) pic.twitter.com/s3ovPoWZBX— Arkham (@arkham) January 30, 2024
Meanwhile blockchain security firm CertiK noted on X that early indications pointed to a “rounding error” being the root cause of the exploit.
The MIM team acknowledged the exploit and said the protocol’s decentralized autonomous organization (DAO) was attempting to stabilize the price of the stablecoin of MIM through a buyback and burn program, likely explaining why MIM is now trading closer to its peg.
Around 10 hours later, however, the team issued an update urging users to revoke all approvals to the smart contract to prevent a loss of funds.
https://twitter.com/MIM__Spcll/status/1752444391061430403
MIM has lost its peg before, fluctuating to a low of $0.95 after the collapse of FTX in November 2022, given that FTX’s native token FTT was the largest collateral token backing the stablecoin. MIM also destabilized after the collapse of the Terra ecosystem earlier that year.