Abracadabra appears to have been hacked for the third time in two years

Abracadabra Money, an omnichain DeFi lending platform behind the Magic Internet Money (MIM) stablecoin, has reportedly suffered another exploit resulting in the loss of roughly $1.7 million in digital assets. 

The claim, posted by several researchers on X, marks the latest security incident for the project, which has previously been targeted by hackers.

According to Vladimir S., a blockchain threat researcher with the X handle, @officer_cia, the protocol was drained of $1.7 million before the attacker transferred the stolen funds into Tornado Cash.

The researcher’s claim followed an earlier post on X  by Weilin William Li (@hklst4r), who had flagged the incident as a vulnerability in Abracadabra’s smart contracts but stopped short of confirming the exploit at the time.

Vulnerability in ‘solvency check’ logic

Li said the suspected attacker may have exploited a flaw in the protocol’s logic that allowed them to bypass a solvency check, a safeguard designed to ensure that borrowers cannot withdraw more funds than they are entitled to.

“It seems Abracadabra @MIM_Spell is hacked again,” Li wrote. “This time a more obvious vulnerability, where an ‘else’ branch clears the status variables and sets ‘needSolvencyCheck’ to false by default.”

Li also implied that Abracadabra Money was already aware of the situation as he wrote “They have paused all their contracts now,” while cautioning that his findings were preliminary and could be subject to revision.

Abracadabra Money is a familiar target for hackers

If confirmed, this would be the third exploit the platform has suffered in roughly two years. The first was in January 2024, when it suffered a $6.49 million exploit. That exploit caused its MIM stablecoin to lose its peg to the US dollar.

The second exploit occurred in March 2025; the protocol lost an estimated $13 million after attackers exploited vulnerabilities in its “cauldron” smart contracts tied to GMX. That’s the largest breach the platform has suffered to date, and it caused Abracadabra to pause borrowing across its ecosystem and offered a 20% bounty to the hackers for the safe return of funds.

DeFi’s persistent security challenges

Abracadabra Money’s recurring vulnerabilities have drawn criticism from parts of the DeFi community.

The relatively modest amount involved, $1.7 million compared to earlier multi-million-dollar DeFi exploits, may indicate a partial drain or that the vulnerability was discovered and mitigated before further damage occurred. 

An estimated $307 million is reported to have been stolen from crypto platforms globally in the third quarter (Q3) of 2025, with DeFi exploits coming second after centralized exchanges, according to data shared by CertiK. 

This is an improvement to the figures that were lost to exploits in Q2 and Q1. This year alone has seen over $3 billion lost to hacks. With Q4 just starting, Abracadabra Money is one of the first casualties of the quarter.

As of the time of writing, Abracadabra Money has yet to issue an official statement addressing the reported exploit.

Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.