25-3-2025 – Abracadabra.Money has suffered its second major security breach this year, with hackers successfully pilfering approximately 6,260 Ether ($13m) from its lending protocol.
The cyber assault, which occurred on 25 March, specifically targeted pools utilising GMX tokens, though the GMX platform itself remains uncompromised. A pseudonymous GMX communications representative clarified that their contracts maintained their integrity, explaining that the vulnerability stemmed from MIM’s pools’ integration with GMX v2 infrastructure.
The incident marks a concerning pattern for Abracadabra.Money, which had previously endured a $6.49m breach merely two months prior. That January incident notably disrupted their Magic Internet Money (MIM) stablecoin’s parity with the dollar.
Blockchain security experts have pieced together the attack’s methodology. The perpetrators initially obscured their tracks using Tornado Cash, a decentralised cryptocurrency mixer, before executing their scheme. Subsequently, they orchestrated the transfer of purloined assets from the Arbitrum network to Ethereum via a cross-chain bridge.
GMX’s official channels emphasised that the security lapse was confined to Abracadabra’s lending pools, specifically those interfacing with GM tokens—instruments central to GMX’s fee-generation mechanism for swaps and leveraged trading activities.
Crypto forensics firm AMLBot’s investigation corroborated GMX’s assertion, confirming that the exploit exclusively affected Abracadabra.Money’s smart contracts, whilst GMX’s infrastructure remained intact. The incident underscores the persistent vulnerabilities within decentralised finance protocols, even as the sector continues to mature.
Both affected platforms had yet to issue comprehensive statements regarding remediation plans or potential compensation for affected users at the time of reporting.
