abracadabra Finance Faces $13 Million Loss Due to Smart Contract Exploit
Abracadabra Finance has disclosed a security breach impacting its gmCauldron smart contracts. The incident led to the theft of around $13 million. The company is now taking action to recover the lost funds.
Following the attack, Abracadabra disabled borrowing across all its cauldrons. they are collaborating with blockchain security experts to trace the stolen assets. PeckShield, a blockchain security firm, first reported the exploit.
The attack targeted the link between GMX decentralized exchange and Abracadabra’s lending contracts. The company is working with security firms to track the stolen funds. In a statement, they mentioned, “We are assessing the full extent of the damage and collaborating with Guardian Audits, GMX, and other security partners to understand how the hack was executed. The breach exploited the integration between GMX and Abracadabra’s lending contracts.
Despite undergoing audits and using multiple security systems, the breach was only detected after the attacker made several transactions.The Zeroshadow team alerted Abracadabra, leading to an immediate shutdown of all borrowing functions. The attack was flagged by PeckShield. The stolen assets have been moved from Arbitrum to Ethereum and are now in at least three addresses.
Chainalysis, a blockchain analytics firm, is helping to trace the stolen assets. The company had previously audited the gmCauldrons and integrated them into various monitoring systems. Though, the breach was only noticed after the attacker executed multiple transactions.
“We are working closely with security peers to identify the execution of the hack,” the company posted.
Abracadabra is offering a 20% bug bounty to the attacker for returning the remaining funds. They encourage the hacker to contact them via email or on-chain.
A full report on the exploit will be released once the inquiry is complete.
