Abracadabra.Finance, a crypto lending platform, just got hacked, and the hacker stole $13 million worth of Ethereum (ETH)
Security experts Cyvers and PeckShield spotted the attack, confirming that the hacker moved 6,262 ETH to the Ethereum network, spreading the money across three different wallets.
Abracadabra has also confirmed the attack, but didn’t say how much was stolen at first. The hacker targeted “cauldrons,” which are lending pools where users borrow against crypto assets. These smart contracts had already been audited by Guardian Audits, which also reviewed GMX’s systems. Despite extra security from Hexagate and ZeroShadow, the attack went unnoticed until several transactions had already been completed.
After ZeroShadow flagged the issue, Abracadabra shut down borrowing on all affected contracts. The company is now working with security firms, including Guardian Audits and GMX, to figure out exactly how the breach happened. “The full damage of the attack is currently being assessed. We are working together with Guardian Audits, GMX, and other security peers to identify the execution of the hack,” the company said.
Instead of chasing the hacker legally, Abracadabra offered them a deal to return the funds and keep 20% as a bounty. “To the hacker, we are happy to entertain negotiations for a bug bounty of 20% of the total,” the team announced.
Some people worried that GMX, a decentralized exchange, was also affected, but GMX quickly shut down those rumors. “We believe the issue relates solely to the Abracadabra/Spell cauldrons,” GMX said in a statement. Even though GMX wasn’t hacked, its token price still dropped by about 5%, going from $14.74 to $13.74 before slightly recovering.
Blockchain investigators from Chainalysis have been tracking the stolen ETH. They found that the hacker bridged the funds from Arbitrum to Ethereum and then stored them in at least three different wallets. Right now, security teams are still trying to trace the transactions and possibly recover the money.
Abracadabra has reassured users that no collateral was lost, meaning borrowers and lenders didn’t directly lose their funds. However, the company is still assessing the full impact of the attack. A detailed post-mortem report will be released once the investigation wraps up.
Meanwhile, this isn’t Abracadabra’s first security issue. In 2024, the platform was hacked for $6.49 million, which caused its Magic Internet Money (MIM) stablecoin to lose its peg to the U.S. dollar.
Also Read: Hackers promote XRP by hacking Socials of Media House
