Abracadabra Finance, a DeFi lending and borrowing protocol, acknowledged in a recent tweet that its Ethereum cauldrons have been hit by an exploit. Blockchain security firm PeckShield estimates that the exploit resulted in a loss of $6.49 million.
PeckShield’s experts identified details pertaining to the exploit; the attacker funded it with 1 Ether from Tornado Cash and resulted in the biggest depeg in MIM stablecoin since the USD-pegged asset’s inception.
The DeFi lending and borrowing protocol Abracadabra Finance has acknowledged that its Ethereum pools were drained. Blockchain security firm PeckShield estimates that the exploit is currently ongoing and has set the protocol back for $6.49 million in Ether.
The blockchain security firm’s team has published further details of the exploit, how it was conducted and where attackers funded it from. The attack was initiated with 1 Ether in funds from Tornado Cash.
Exploit on Abracadabra Finance. Source: PeckShield
The protocol’s stablecoin Magic Internet Money (MIM) suffered a depeg and dropped to a low of $0.76 before making its recovery to $0.94 on Tuesday, January 30. The depeg is likely the largest one since MIM’s inception. The team has yet to issue an official statement that outlines the nature of the exploit and the steps taken to mitigate the attack.
In its response to the exploit, MIM_Spell handle on X (formerly Twitter) acknowledged the exploit involving certain cauldrons on Ethereum and assured traders that the engineering team is triaging and investigating the situation. The team stated that the DAO treasury will buy back MIM from the market and burn it to tackle the depeg and asked traders to wait for more updates.
The security firm Cyvers shared its initial analysis of the exploit and stated that the exploiter has sent over 1,800 Ether worth nearly $4 million to a new wallet address that the team has identified.