A significant exploit has rocked the decentralized finance (DeFi) space, with Abracadabra/Spell’s cauldrons leveraging GMX V2’s GM pools have suffered a $13 million loss. According to a post by Cyvers Alerts on X, the attack involved multiple suspicious transactions on the Arbitrum network. This resulted in the theft of 6,260 $ETH. The stolen funds were quickly bridged to the Ethereum network and distributed across three wallet addresses. Cyvers Alerts flagged the incident and urged users to remain vigilant.
GMX Claims No Contract Breach in this Attack
GMX, a decentralized exchange protocol, swiftly clarified that its contracts were not compromised in the attack. The vulnerability was isolated to Abracadabra/Spell’s cauldrons, which allow users to borrow against GM liquidity tokens. In a follow-up statement, GMX emphasized that its team, alongside Spell contributors and security researchers, was actively investigating the root cause of the exploit. The incident highlights the risks associated with DeFi lending protocols, particularly those integrating with external liquidity pools.
Information about the Victim Platform
Abracadabra.money, the platform behind Spell, operates as a DeFi lending protocol that enables users to mint its USD-pegged stablecoin, Magic Internet Money (MIM). The Spell token (SPELL), an Ethereum-based governance token for Abracadabra, has a circulating supply of over 83 billion tokens. Abracadabra’s tokenomics include a notable burn event that reduced SPELL’s total supply from 420 billion to 210 billion, with 63% of the supply allocated to incentivize liquidity pools.
The broader implications of the Abracadabra/Spell exploit highlight the ongoing challenges in securing DeFi platforms, particularly those with complex integrations like GMX V2’s GM pools. As the investigation continues, the incident serves as a sobering reminder for users to exercise caution and for developers to prioritize rigorous security audits to protect against future attacks.
