Abracadabra Finance’s MIM stablecoin falls from peg after $6.5M hack

Digital assets associated with the decentralized finance (DeFi) project Abracadabra Finance, including its Magic Internet Money (MIM) stablecoin, values fell after its team confirmed an exploit of the platform.

In a Jan. 30 post on social media platform X (formerly Twitter), the project’s team acknowledged an ongoing exploit involving certain Ethereum cauldrons. “Our engineering team is triaging and investigating the situation,” they added.

Data from CoinMarketCap shows that the security incident resulted in the ecosystem’s MIM stablecoin deviating from its $1 peg. The asset’s value fell to as low as $0.77 before recovering to $0.92 as of press time.

The team assured that its decentralized autonomous organization (DAO) would strive to help the stablecoin regain its peg.

“To the best of its Ability, the DAO treasury will be buying back MIM from the market to then burn.” the team stated.

Similarly, the protocol’s SPELL reward token declined 2.43% to  $0.00051 as of press time, according to CryptoSlate data.

Furthermore, the security incident has rapidly dropped the total value of assets locked on the platform. Data from DeFillama shows that the protocol’s assets under management rapidly fell by around $23 million to $139 million.

However, data from Abracadabra’s website pegs the total outflow to $10.3 million and its TVL at $150 million as of press time.

Abracadabra TVL. (Source: Abracadabra)

Abracadabra Finance is a DeFi lending protocol allowing users to borrow its Magic Internet Money (MIM) stablecoin using different cryptocurrencies as collateral.

 $6.5M hack

Blockchain security firm CertiK told CryptoSlate that the protocol was exploited for $6.5 million.

According to CertiK, the attacker was funded via the crypto-mixing tool Tornado Cash and created an attack contract that exploited a rounding error issue on the platform.

“The exploiter repeatedly called userBorrowPart() and repay() from the project’s V4 Cauldrons with early indications pointing to a rounding issue,” CertiK furthered.

Consequently, the attacker was able to siphon $6.5 million in MIM and immediately converted the stolen assets into Ethereum that were sent to two externally owned addresses,

Leave a Reply

Your email address will not be published. Required fields are marked *