Blockchain security firm Cyvers has reported a major security breach that affected DeFi platform Abracadabra’s MIM_Spell platform.
The attack led to the loss of 6,262 ETH, equivalent to around $12.9 million.
According to Cyvers, the attacker quickly bridged the stolen ETH to the Ethereum network and distributed the funds across three newly generated wallets.
MIM confirms breach
On March 25, MIM confirmed the exploit in a statement without disclosing the stolen amount.
According to the platform, the exploit targeted its gmCauldron smart contracts, which had passed audits conducted by Guardian Audits, the team that reviewed GMX’s core infrastructure.
The platform also highlighted the presence of additional security layers, including integrations with Hexagate and ZeroShadow’s threat-tracking system.
Despite these measures, the exploit went unnoticed until several transactions had already been completed. ZeroShadow eventually identified the irregular activity, after which Abracadabra suspended all borrowing functions tied to the impacted contracts.
While the platform stressed that no user collateral was compromised, it noted that its internal teams are still assessing the full scope of the breach.
MIM stated:
“To the hacker, we are happy to entertain negotiations for a bug bounty of 20% of the total. Reach out at reward@abracadabra.money or on chain to our treasury address on ETH 0xDF2C270f610Dc35d8fFDA5B453E74db5471E126B.”
While early indications suggested that the incident might have impacted GMX’s platform, the DEX clarified that its smart contracts remain untouched.
According to GMX, the exploit is isolated to Abracadabra’s cauldrons, which support borrowing against GM liquidity tokens.
The protocol added:
“We believe the issue relates solely to the Abracadabra/Spell cauldrons. These cauldrons allow for borrowing against specific GM liquidity tokens. The contributors from Spell, GMX, and security researchers are currently investigating the cause of the issue.”
Despite GMX’s distancing from the incident, the platform’s native token still took a hit.
CryptoSlate data shows GMX fell nearly 5%, dropping from $14.74 to $13.74 before slightly recovering to around $14.13 as of press time.
The post DeFi platform MIM Spell offers 20% bounty to hacker after $12.9 million ETH heist appeared first on CryptoSlate.