On March 25, Abracadabra.Finance—a DeFi lending platform with a name that screams “trust me, I know spells”—was hit with a $13 million crypto exploit. The exploit targeted pools involving GMX tokens, and according to the crypto security firm PeckShield, a vulnerability in smart contracts connected to GMX and Abracadabra.Finance resulted in the loss of approximately 6,260 ETH. Ouch.
Déjà Vu for Abracadabra.Finance
If this feels familiar, that’s because it is. Abracadabra.Finance was previously hit in January 2024, losing $6.49 million due to another smart contract hack. That attack not only hurt wallets—it caused their Magic Internet Money (MIM) stablecoin to depeg from the U.S. dollar, which is kind of the opposite of “magic.”
GMX Says: “Not Our Fault!”
GMX was quick to wipe its hands clean of the drama. A pseudonymous spokesperson for GMX stated on social platform X (formerly Twitter) that GMX’s own smart contracts were not affected.
According to them, the vulnerability was in the MIM pools, which were built on top of GMX v2 pools. In other words: “Yes, we’re involved, but no, don’t blame us.” GMX clarified that the hack only impacted MIM pools using GM tokens, and their contracts remained untouched.
If you’re wondering what these platforms actually do:
- GMX earns money from swaps and leveraged trading.
- Abracadabra’s “Cauldrons” let users take isolated loans against specific assets.
This time, it was the Abracadabra/Spell-Cauldron contracts that were targeted—specifically those connected to GM token liquidity.
Blockchain Magic Tricks: Forensics Edition
Crypto forensics firm AMLBot investigated the breach and revealed that the attacker funded their wallet using Tornado Cash, the notorious decentralized crypto mixer often used to hide transaction trails. After pulling off the exploit, the thief moved the stolen ETH from Arbitrum to Ethereum via a cross-chain bridge—like a magician escaping through a trapdoor.
Conclusion: More “Abra” Than “Cadabra”
While GMX walks away relatively clean, Abracadabra.Finance now has two major hacks under its robe, and trust in the platform is likely vanishing faster than MIM’s peg.
As the DeFi space continues to evolve, one thing’s for sure: smart contracts still aren’t smart enough to stop clever hackers. So, next time you see a protocol named after wizardry, maybe ask: “Does your magic come with an audit?”