Approximately $13 million has been lost in a recent hack involving the decentralized exchange GMX and its integration with Abracadabra.
On March 25, a significant security breach was reported, revealing that contracts linked to Abracadabra (Spell) had been compromised. This hack resulted in the theft of approximately 6,260 Ethereum (ETH), valued at around $13 million based on current market rates.
A representative from GMX emphasized that the main GMX contracts remain secure and that the incident was confined to the integration between Abracadabra and GMX V2. Efforts are underway by the Abracadabra team to investigate the breach and pinpoint the source of the vulnerability.
“This situation only affects Abracadabra/Spell’s cauldrons based on GMX V2’s GM pools. The contributors are investigating the cause, and I sincerely apologize to anyone negatively impacted by this unfortunate event,” the representative stated.
Abracadabra’s cauldrons serve as smart contracts that facilitate various DeFi activities, including lending, borrowing, and liquidity provision. These cauldrons depend on GMX V2’s GM pools—liquidity pools contributed by users to GMX DEX—allowing Abracadabra to leverage GMX’s liquidity for its offerings.
In the aftermath of the attack, reports indicate that the stolen funds have been transferred from Arbitrum (ARB) to Ethereum (ETH) and are currently dispersed across three addresses.
This incident is not the first security challenge for Abracadabra. In January 2024, the Magic Internet Money (MIM) stablecoin, part of the Abracadabra ecosystem, was exploited through a vulnerability in its contract, enabling attackers to manipulate the stablecoin’s price.
