Abracadabra.Money loses $13M in GMX-linked hack

Abracadabra.Money suffered a $13 million exploit targeting pools linked to GMX (CRYPTO:GMX) tokens, though GMX has denied any compromise of its smart contracts.

The March 25 attack drained 6,260 Ether (CRYPTO:ETH), marking Abracadabra’s second major breach in three months after a $6.49 million loss in January.

GMX clarified that the vulnerability stemmed from Abracadabra’s “cauldrons”—borrowing pools utilising GMX liquidity tokens—not its own contracts.

“We believe the issue relates solely to the Abracadabra/Spell cauldrons,” a GMX contributor stated.

AMLBot confirmed that only Abracadabra’s contracts were breached.

The hacker used Tornado Cash (CRYPTO:TORN) for initial funding before bridging stolen ETH from Arbitrum (CRYPTO:ARB) to Ethereum.

GMX emphasised that its contracts remain secure, as Abracadabra’s MIM pools operate independently.

Abracadabra’s January breach also destabilised its Magic Internet Money (MIM) stablecoin, briefly causing it to lose its USD peg.

While GMX distanced itself from the exploit, the incident highlights risks in interconnected DeFi ecosystems.

Abracadabra’s repeated breaches raise concerns over protocol security, though GMX’s response underscores the complexity of cross-platform dependencies.

The attack follows a broader trend of DeFi vulnerabilities, with protocols like Nostra (CRYPTO:NSTR) recently pausing borrowing due to price feed errors.

As Abracadabra investigates, analysts await clarity on whether the exploit stemmed from code flaws or external dependencies.

The incident underscores the need for rigorous audits in decentralised finance, particularly for platforms integrating third-party liquidity tokens.

GMX’s transparency in separating its contracts from the breach may mitigate reputational damage, but Abracadabra’s recurring issues demand heightened scrutiny.

At the time of reporting, the GMX (GMX) price was $13.91.