5 months ago
15 ARTICLE AD
The threat actors behind the attack targeted a vulnerability in Abracadabra's lending and borrowing smart contracts.
Decentralized finance protocol Abracadabra Finance has suffered a major exploit discovered earlier today, leading to a loss of approximately $6.5 million in user funds. Magic Internet Money (MIM), the algorithmic stablecoin issued by the protocol, crashed to $0.76 following the exploit.
According to an initial disclosure published by blockchain security firm PeckShield at 5:36 AM EST, the threat actors behind the attack targeted a vulnerability in Abracadabra’s lending and borrowing smart contracts.
These smart contracts govern the Magic Internet Money stablecoin. The attackers bypassed an insolvency check because of a precision loss bug that occurs when collateral amounts are placed from a transaction. The bug then enabled the attackers to take out a highly inflated MIM loan relative to the collateral deposited.
News of the attack quickly crushed confidence in the MIM stablecoin, causing it to lose parity below $0.7 before gradually recovering to $0.96 within the day.
PeckShield notes that the attacker funded the exploit using Tornado Cash, a currently sanctioned crypto mixing protocol.
In an initial analysis, Certik, another blockchain security auditor, suggested that the MIM exploit could stem from a rounding error in the stablecoin’s minting or burning process. Abracadabra uses interest-bearing collateral to algorithmically expand and contract MIM’s supply as needed to retain its peg. Technical slip-ups in a system this delicate system can throw off the peg.
In response to the incident, MIM developers said the decentralized Abracadabra community would coordinate efforts to purchase and burn MIM coins to restore the $1 peg.
We are aware of an exploit involving certain cauldrons on Ethereum.
Our engineering team is triaging and investigating the situation.
To the best of its Ability, the DAO treasury will be buying back MIM from the market to then burn.
More updates are coming.
— 🧙🏼♂️ (@MIM_Spell) January 30, 2024
This is not the first de-pegging event for MIM, which also broke parity with its dollar peg during the FTX collapse in 2022. At the time, nearly a third of MIM’s collateral backing reportedly consisted of FTX’s native token, FTT, with FTT’s crash compromising MIM’s stability.
Abracadabra Finance has grappled with internal governance issues in recent months. This January, a controversial proposal emerged to shift control from Abracadabra’s decentralized autonomous organization (DAO) to a centralized legal entity comprised of appointed trustees.
The move was intensely debated within the community, reflecting broader debates around DeFi governance and its implications. Critics argued it betrayed the project’s founding ethos as a permissionless and “trustless” ecosystem governed transparently on-chain by token holders. Other proponents contended stricter centralized oversight could improve stability and accountability following past security incidents.
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
