Abracadabra Loses $1.8 Million Due to Simple Coding Error
Abracadabra, a DeFi lending protocol, suffered a $1.8 million loss after a hacker exploited a basic coding mistake. The attacker bypassed a safety check, allowing them to borrow without collateral. This incident mirrors a similar attack on a forked project just days earlier.
The hacker targeted Abracadabra’s batch function, which lets users perform multiple actions in one transaction. They exploited a flaw in the ‘cook()’ function, resetting a validation flag meant to ensure borrowers had enough collateral. This allowed them to drain six Cauldrons, Abracadabra’s borrowing units, in one go.
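The flag-reset pattern described above, as a simplified Python model added here for illustration; it is not Abracadabra's contract code. The action names, the 50% collateral rule and the way the flag gets overwritten are assumptions of this model, shown next to a hardened variant in which the flag cannot be cleared once set.

```python
from dataclasses import dataclass

BORROW, ADD_COLLATERAL, NOOP = "borrow", "add_collateral", "noop"  # hypothetical action names

class Insolvent(Exception):
    """Raised when the end-of-batch collateral check fails (models a revert)."""

@dataclass
class ToyCauldron:
    collateral: int = 0
    debt: int = 0

    def solvent(self) -> bool:
        # Assumed rule for this model: debt may be at most half the collateral.
        return self.debt * 2 <= self.collateral

    def _run(self, action: str, amount: int) -> bool:
        """Apply one action and report whether it requires a solvency check."""
        if action == BORROW:
            self.debt += amount
            return True
        if action == ADD_COLLATERAL:
            self.collateral += amount
        return False  # ADD_COLLATERAL and NOOP need no check on their own

    def _finish(self, needs_check: bool, snapshot: tuple) -> None:
        if needs_check and not self.solvent():
            self.collateral, self.debt = snapshot  # undo the batch, like a revert
            raise Insolvent("batch leaves the position under-collateralised")

    def cook_flawed(self, actions) -> None:
        snapshot, needs_check = (self.collateral, self.debt), False
        for action, amount in actions:
            # Flaw: each action overwrites the flag, so a later action clears
            # the check that an earlier borrow requested.
            needs_check = self._run(action, amount)
        self._finish(needs_check, snapshot)

    def cook_hardened(self, actions) -> None:
        snapshot, needs_check = (self.collateral, self.debt), False
        for action, amount in actions:
            # Fix: the flag is sticky; once set, nothing in the batch clears it.
            needs_check = self._run(action, amount) or needs_check
        self._finish(needs_check, snapshot)

def try_batch(cook, actions) -> str:
    """Run a batch through the given cook method and report the outcome."""
    try:
        cook(actions)
        return "accepted"
    except Insolvent:
        return "reverted"
```

A regression test for a batch executor of this kind should assert that every ordering of actions containing a borrow still ends in the collateral check.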
After stealing 1.79 million MIM tokens, the attacker swapped them for ETH and laundered the funds via Tornado Cash. Analysts at Hacken, a blockchain security firm, detailed this in a research note.
This isn’t Abracadabra’s first security issue. Earlier this year, other incidents involved similar contract vulnerabilities. Interestingly, a forked project called Synnax paused its CauldronV4 master days before the Abracadabra attack, indicating they spotted the risk.
The incident highlights how a small coding oversight can lead to significant losses. It also underscores the importance of thorough code audits and quick responses to potential vulnerabilities.