BTCC / BTCC Square / CoindeskEN /
Abracadabra Drained of $13M in Exploit Targeting Cauldrons Tied to GMX Liquidity Tokens

Abracadabra Drained of $13M in Exploit Targeting Cauldrons Tied to GMX Liquidity Tokens

CoindeskEN
Author:
CoindeskEN
Release Time:
2025-03-25 16:14:42
0

Decentralized lending platform Abracadabra.Finance suffered an attack that drained $13 million worth of cryptocurrency from pools tied to GMX liquidity tokens.

Blockchain security firm PeckShield flagged that contracts involving decentralized exchange GMX and Abracadabra were compromised, leading to the theft of 6,260 ETH, worth around $12.98 million at the time of writing.

The exploit focused on so-called "cauldrons," isolated lending markets in Abracadabra where users can borrow against crypto collateral. These particular cauldrons relied on GM tokens, which represent liquidity positions in GMX, a decentralized exchange platform.

GMX distanced itself from the incident. In a post on X, an account associated with the exchange said that GMX’s contracts themselves were unaffected. The team later said the breach was “solely related to the Abracadabra/Spell cauldrons,” which used GM tokens as collateral but did not involve GMX’s CORE infrastructure.

In a statement on X, Abracadabra confirmed the exploit and said core contributors and engineers were investigating the incident to its “fully audited” cauldron. The protocol noted that gmCauldrons had been audited by Guardian Audits — the same firm that audited GMX contracts — and were part of a broader security infrastructure involving monitoring and response tools.

The protocol offered the attacker a 20% bug bounty and invited them to negotiate via email or an on-chain message.

Abracadabra is working with Guardian and GMX as well as other security partners in assessing the extent of the damage and how the attack was executed. A full post-mortem will follow once the investigation concludes, and no user collateral was affected, it said.

Last year Abracadabra.Finance suffered a $6.49 million exploit that caused its Magic Internet Money (MIM) stablecoin to lose its peg to the U.S. dollar.

Articles on this site are sourced from public networks or curated by AI for informational purposes only and do not represent BTCC’s views. Original rights belong to the respective authors. For copyright concerns, please contact [email protected]. BTCC assumes no liability for the accuracy, timeliness, or completeness of this information, and disclaims all liability arising from reliance on such content. This content is for reference only and should not be taken as investment, legal, or commercial advice.

|Square

Get the BTCC app to start your crypto journey

Get started today Scan to join our 100M+ users