Abracadabra, a decentralized finance (DeFi) lending protocol, has suffered an attack worth $1.8 million, its third major security incident since the beginning of 2024.
The hack focused on a flaw in an outdated contract, which allowed the attacker to bypass solvency checks and drain $1.79 million of the protocol's native stablecoin, Magic Internet Money (MIM).
Access more than 50 of the world's financial markets directly from your EXANTE account – including NASDAQ, London Stock Exchange and Tokyo Stock Exchange
According to security firm BlockSec Phalcon, the attacker used Tornado Cash to fund the initial transaction and laundered the proceeds through the same mixer.
The protocol's developers confirmed that the issue has been mitigated and that no user funds were lost, as the DAO's treasury was used to cover the loss.