Abracadabra Money, a decentralized lending platform that operates across different blockchain networks, has confirmed a significant security breach. The exploit, which involved the protocol’s Ethereum cauldrons, allowed the attacker to borrow the platform’s stablecoin, Magic Internet Money (MIM), using various assets as collateral. The total amount exploited was approximately $6.49 million.
Upon discovering the breach, the MIM development team promptly acknowledged the incident and initiated an investigation. They have also announced their intention to compensate the victims of the exploit through a buy-back and burn process.
The breach was initially identified and reported by PeckShield, a reputable blockchain security firm. According to their findings, the attacker funded the attack with 1 Ether (ETH) using the cryptocurrency mixer Tornado Cash.
Following the public disclosure of the exploit, the value of MIM, which is a stablecoin pegged to the United States dollar, experienced a significant drop. It fell to $0.77 but has since recovered to its current price of $0.94, as per CoinMarketCap data.
CertiK, another blockchain security firm, conducted an analysis of the exploit and suggested that it may have been caused by a “rounding issue.” The attacker repeatedly executed the “userBorrowPart()” function and subsequently used the “repay()” function from the protocol’s v4 cauldrons. This allowed the attacker to borrow and repay loans multiple times, ultimately draining funds from the contract.
It is worth noting that this is not the first time that Magic Internet Money has faced challenges. In 2022, the stablecoin was depegged due to the collapse of the Terra ecosystem. In response to the increased risk from the Curve protocol, the protocol raised the interest rate on the coin by 200% in an attempt to manage the situation.
Despite this setback, Abracadabra Money remains committed to addressing the exploit and ensuring the security of its platform. The incident highlights the ongoing need for robust security measures within the decentralized finance space.