Massive Breach Hits GMX-Abracadabra Integration
Approximately $13 million worth of Ethereum was stolen in a recent exploit targeting the integration between GMX, a decentralized exchange, and Abracadabra, a DeFi lending protocol.
PeckShield Confirms the Attack
On March 25, blockchain security firm PeckShield confirmed the breach, revealing that the attacker drained 6,260 ETH from smart contracts associated with Abracadabra’s “cauldrons” on its V2’s GM pools. The stolen funds have since been bridged from Arbitrum to Ethereum and are now scattered across three addresses.
GMX Assures Core Contracts Are Safe
Jonezee, a GMX representative, quickly clarified that their primary contracts remain secure and that the breach is isolated to Abracadabra’s integration.
“To clarify, GMX contracts are not affected. It relates to Abracadabra/Spell’s cauldrons based on GMX V2’s GM pools. The contributors are currently looking into the cause, and I’d like to apologise wholeheartedly to anybody negatively affected. This is very unfortunate,” stated Jonezee.
How the Attack Happened
Abracadabra’s cauldrons are specialized smart contracts that facilitate lending, borrowing, and liquidity provision. These cauldrons rely on liquidity pools from the victim themselves, which appears to be the attack vector exploited by the hacker.
Not the First Abracadabra Breach
This is not the first time Abracadabra has faced security vulnerabilities. In January 2024, the protocol’s Magic Internet Money (MIM) stablecoin was manipulated through a smart contract flaw, enabling attackers to distort its price.
YOU MIGHT ALSO LIKE: AVAX Price Surge: 5 Bullish Signals That Could Send It Soaring!
As investigations continue, the breach raises fresh concerns over the security of DeFi integrations and the risks associated with cross-platform dependencies.
