Decentralized crypto lending platform Abracadabra.money was hit by an exploit on Tuesday, resulting in a $6.5 million loss to the protocol. 

The exploit was flagged by blockchain security firm PeckShield, which noted that the attacker funded the exploit with 1 ETH from Tornado Cash. 

Magic Internet Money (MIM), the stablecoin tied to the protocol flash crashed to $0.76 after the exploit. At the time of writing, the stablecoin was still trading below its U.S. dollar-peg at around $0.98.

The attacker managed to trick certain Abracadabra’s isolated lending pools on Ethereum, called “cauldrons,” and used a nested series of smart contracts to loop the Abracadabra Degenbox’s “borrow” and “repay” functions, according to analysis from Arkham. 

Meanwhile blockchain security firm CertiK noted on X that early indications pointed to a “rounding error” being the root cause of the exploit. 

The MIM team acknowledged the exploit and said the protocol’s decentralized autonomous organization (DAO) was attempting to stabilize the price of the stablecoin of MIM through a buyback and burn program, likely explaining why MIM is now trading closer to its peg. 

Around 10 hours later, however, the team issued an update urging users to revoke all approvals to the smart contract to prevent a loss of funds.

https://twitter.com/MIM__Spcll/status/1752444391061430403

MIM has lost its peg before, fluctuating to a low of $0.95 after the collapse of FTX in November 2022, given that FTX’s native token FTT was the largest collateral token backing the stablecoin. MIM also destabilized after the collapse of the Terra ecosystem earlier that year.