DeFi lending protocol Abracadabra exploited for $13M of ETH

DeFi lending protocol Abracadabra has lost approximately $13 million via an exploit that appears to be linked to certain collateral tokens. 

Crypto security audit firm Peckshield flagged the hack, which drained a total of 6,260 ether (ETH) on the Ethereum layer-two network Arbitrum. The funds have since been bridged back to Ethereum, where they are being held in three addresses. 

Read more: Magic Internet Money loses its sparkle as DeFi platform hacked for $6.5M

After being tagged in the initial alert, decentralized perps exchange GMX took to X to clarify that its contracts were unaffected by the attack. The team points instead to “Abracadabra/Spell cauldrons” which “allow for borrowing against specific GM liquidity tokens.”

While the investigation into the root cause of the hack is ongoing, one of Abracadabra’s core contributors suspects it could be linked to changes in GMX’s codebase.

Read more: Sifu’s UwU Lend reportedly hacked for $20M, Curve’s Egorov among affected

Today’s loss is double that of the last time Abracadabra was hacked. In January of last year, the platform lost $6.5 million, briefly knocking its Magic Internet Money stablecoin off its dollar peg.

Later, in June, another lending platform, UwU Lend, which is linked to Abracadabra via Michael Patryn (aka. 0xSifu), was hacked, twice. The fallout eventually led to a liquidation cascade on Curve Finance founder Michael Egorov’s highly leveraged positions backed by his own platform’s governance tokens.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.