Abracadabra Suffers Third DeFi Exploit As Hackers Drain $1.7 million
DeFi undertaking Abracadabra has suffered a recent exploit that drained about $1.7 million from its platform.
Blockchain safety agency Go Security flagged the breach on October 4 and confirmed that attackers had already laundered about 51 ETH by way of Tornado Cash. At the time of reporting, the attacker’s pockets (recognized as 0x1AaaDe) nonetheless held round 344 ETH, value roughly $1.55 million.
How Abracadabra Was Exploited for the Third Time
Security researcher Weilin Li verified the exploit and defined that the attacker manipulated Abracadabra’s smart contract variables to bypass a solvency test.
This allowed them to borrow property past the supposed restrict, prompting Abracadabra’s workforce to pause all contracts to stop additional losses.
Another blockchain audit agency, Phalcon, traced the foundation trigger to a defective logic sequence within the platform’s prepare dinner operate. This is a mechanism that lets customers execute a number of predefined actions in a single transaction.
According to the agency, the attacker carried out two operations that overrode key safeguards.
The first, referred to as motion 5, initiated a borrowing course of that was imagined to go solvency checks. The second, referred to as motion 0, acted as an empty replace operate that rewrote the test flag and skipped the ultimate validation step.
The attacker drained greater than 1.79 million MIM tokens by repeating this sample throughout six completely different addresses.
As of press time, Abracadabra has but to remark publicly on the incident. Notably, the undertaking’s official X account has remained silent since early September.
However, Go Security reported that the Abracadabra workforce confirmed on Discord that it could use DAO reserve funds to repurchase the affected MIM provide.
Meanwhile, if verified, the newest incident would mark the third exploit in opposition to Abracadabra in beneath two years.
In January 2024, the platform lost $6.49 million in a hack that briefly depegged the MIM stablecoin from the US dollar. A second exploit in March 2025 drained one other $13 million from its cauldron contracts, after which the workforce supplied the hacker a 20% bounty.
The recurrence of such breaches raises renewed questions in regards to the security of the DeFi protocol and the sustainability of its cross-chain lending architectures.
The put up Abracadabra Suffers Third DeFi Exploit As Hackers Drain $1.7 million appeared first on BeInCrypto.
