Abracadabra Finance suffers $6.5 million exploit, MIM stablecoin crashes to $0.76
The threat actors behind the attack targeted a vulnerability in Abracadabra's lending and borrowing smart contracts.
Share this article
Decentralized finance protocol Abracadabra Finance has suffered a major exploit discovered earlier today, leading to a loss of approximately $6.5 million in user funds. Magic Internet Money (MIM), the algorithmic stablecoin issued by the protocol, crashed to $0.76 following the exploit.
According to an initial disclosure published by blockchain security firm PeckShield at 5:36 AM EST, the threat actors behind the attack targeted a vulnerability in Abracadabra’s lending and borrowing smart contracts.
These smart contracts govern the Magic Internet Money stablecoin. The attackers bypassed an insolvency check because of a precision loss bug that occurs when collateral amounts are placed from a transaction. The bug then enabled the attackers to take out a highly inflated MIM loan relative to the collateral deposited.
News of the attack quickly crushed confidence in the MIM stablecoin, causing it to lose parity below $0.7 before gradually recovering to $0.96 within the day.
PeckShield notes that the attacker funded the exploit using Tornado Cash, a currently sanctioned crypto mixing protocol.
In an initial analysis, Certik, another blockchain security auditor, suggested that the MIM exploit could stem from a rounding error in the stablecoin’s minting or burning process. Abracadabra uses interest-bearing collateral to algorithmically expand and contract MIM’s supply as needed to retain its peg. Technical slip-ups in a system this delicate system can throw off the peg.
In response to the incident, MIM developers said the decentralized Abracadabra community would coordinate efforts to purchase and burn MIM coins to restore the $1 peg.
We are aware of an exploit involving certain cauldrons on Ethereum.
Our engineering team is triaging and investigating the situation.
To the best of its Ability, the DAO treasury will be buying back MIM from the market to then burn.
More updates are coming.
— 🧙🏼♂️ (@MIM_Spell) January 30, 2024
This is not the first de-pegging event for MIM, which also broke parity with its dollar peg during the FTX collapse in 2022. At the time, nearly a third of MIM’s collateral backing reportedly consisted of FTX’s native token, FTT, with FTT’s crash compromising MIM’s stability.
Abracadabra Finance has grappled with internal governance issues in recent months. This January, a controversial proposal emerged to shift control from Abracadabra’s decentralized autonomous organization (DAO) to a centralized legal entity comprised of appointed trustees.
The move was intensely debated within the community, reflecting broader debates around DeFi governance and its implications. Critics argued it betrayed the project’s founding ethos as a permissionless and “trustless” ecosystem governed transparently on-chain by token holders. Other proponents contended stricter centralized oversight could improve stability and accountability following past security incidents.