Abracadabra Suffers $13M Breach, Offers 20% Hacker Bounty

Abracadabra, a popular omnichain DeFi lending platform, witnessed a targeted attack yesterday, resulting in the theft of 6,262 ETH, approximately $13 million in value. The hack, executed by leveraging the vulnerabilities in the smart contracts of both GMX and Abracadabra, is the latest addition to the recurring crypto attacks. 

Following the hack, Abracadabra announced a 20% bounty to those who retrieve the funds. The security team is still working on the recovery, hoping the hackers will accept the bounty and return the assets. Last year, Abracadabra witnessed a similar theft, losing its stablecoin’s peg to the U.S. dollar and $6.49 million. 

How Was The Abracadabra Hack Orchestrated?

The hack was orchestrated on the platform’s isolated markets, called Cauldrons, targeting specifically “gmCauldrons”, a pool tied to GMX liquidity tokens. GMX revealed that there are no security issues in their platform and emphasized that the current hack is an isolated one. While following the missing ETH, blockchain analytics platform ChainAnalysis found that the perpetrators bridged the funds from Arbitrum to Ethereum and kept them in at least three different wallets.

According to various blockchain experts, the attackers might have used the flash loan-based hacking technique. Flash lending helps borrowers to get a loan without any collateral, made possible because of the atomic nature of blockchain technology. If a loan is not repaid, the transactions are simply reverted, but the process makes smart contracts highly vulnerable to attacks. Hackers started using the vulnerability of the lending process in various platforms that provided flash loan services, and the term “flash attacks” became popular after a bunch of hacking events. 

The first flash attack occurred in 2020, exploiting bZx’s smart contracts and opening a large under-collateralized short position with a flash loan. After 5 years, flash attacks have become common, attributing to the largest hacks in the crypto environment. While it is not officially confirmed that the theft was a flash attack, Abracadabra posted on X that a full postmortem would be provided once ready. 

Movement Of The Hacked Funds Connected To Tornado Cash Mixer

The stolen funds were routed through Tornado Cash, the renowned crypto mixing service provider, and some of it was used to pay the gas fees of the transactions. Crypto forensics firm AMLBot reported that the funds were then bridged to Ethereum through Arbitrum, eventually consolidating into 3 wallets: 

• 0x018182FD7B856AeE1606D7E0AA8bca10F1Cb0b5d 
• 0xa8f822E937C982e65b0437Ac81792a3AdA76A1ff 
• 0x047C2a3dd1Ab4105B365685d4804fE5c440B5729

About Abracadabra

Abracadabra is a blockchain-based decentralized lending platform that allows users to participate in the network as lenders and borrowers. The network’s uniqueness lies in its usage of interest-bearing tokens (ibTKNs), a type of liquidity provider (LP) tokens, as collateral. The platform has three major tokens: SPELL, sSPELL, and MIM. SPELL is the native tradeable asset, and the sSPELL is obtained by staking SPELL. MIM is the ecosystem’s stablecoin, pegged to the US dollar. The borrowers can collateralize their digital assets in exchange for the platform’s stablecoin ($MIM) loans.

Also read: Everything You Need To Know About Crypto Public Sale

Abracadabra’s Current Market Scenario

Following the hack, Abracadabra’s SPELL token witnessed a downtrend in the charts, decreasing 3% in value in the past day. SPELL is currently 99% down from its all-time high of $0.07515 it attained three years ago. At the moment of writing, it is trading for $0.0006699 per token. 

• Fear & Greed Index: 21 (Extreme Fear) 
• Market Sentiment: Bearish 
• Supply Inflation: 20.76% (High) 
• Dominance: 0.01% 
• Volatility: 60.61% (Extremely High)