May 18, 2025
March 25, 2025

Abracadabra's MIM_Spell Platform Hit by $12.9 Million Cyber Theft

A major security breach hit Abracadabra’s MIM_Spell platform, resulting in the loss of 6,262 ETH—worth roughly $12.9 million. Blockchain security firm Cyvers identified and reported the breach first.

Details of the Breach

The attacker responsible for the breach executed a swift and calculated move by bridging the stolen ETH to the Ethereum network. Subsequently, the funds were distributed across three newly created wallets, complicating the traceability and recovery of the stolen assets.

On March 25, MIM released an official statement confirming the exploit but chose not to disclose the amount stolen. The attacker targeted the platform's gmCauldron smart contracts, which Guardian Audits had previously reviewed—the same team that audited GMX's core infrastructure.

Security Measures and Breach Detection

Abracadabra had multiple security layers in place, including integrations with Hexagate and ZeroShadow's threat-tracking systems, yet the exploit slipped through undetected during several transactions. ZeroShadow eventually spotted the irregular activity, prompting Abracadabra to suspend all borrowing functions tied to the affected contracts.

While reassuring users that no collateral was compromised, Abracadabra's MIM_Spell team highlighted that their internal teams are still evaluating the full extent of the breach. In a bid to resolve the issue amicably, MIM has reached out to the hacker, offering a 20% bug bounty of the total stolen amount for information leading to the resolution of the breach.

Impact on GMX and Market Reaction

GMX quickly addressed initial fears about its platform, assuring users that its smart contracts remained untouched. The DEX clarified that the issue only involved Abracadabra’s cauldrons, which handle borrowing against specific GM liquidity tokens.

Despite the assurance from GMX, the platform's native token experienced a market dip, falling nearly 5% from $14.74 to $13.74, before making a slight recovery to around $14.13, as per CryptoSlate data.

Ongoing Investigations and Industry Response

Contributors from Spell, GMX, and various security researchers are actively investigating the cause of the breach. The crypto community is closely monitoring the situation, given the potential implications for smart contract security and the integrity of DeFi platforms.This incident serves as a stark reminder of the persistent security challenges within the DeFi space. It underscores the importance of rigorous security measures and constant vigilance by both platforms and users to safeguard digital assets against sophisticated cyber threats.For more insights into blockchain security and the latest updates in the crypto world, visit our sections on Blockchain Security and Ethereum Stories.