Approximately $13 million was stolen in the recent hack of crypto exchange GMX’s integration with Abracadabra.
On March 25, blockchain security monitoring firm PeckShield reported a major security incident of GMX decentralized exchange. Specifically the contracts related to Abracadabra (Spell) were hacked, leading to the theft of approximately 6,260 Ethereum (ETH), worth about $13 million at current market rates.
Jonezee, a representative from GMX, quickly clarified that GMX’s core contracts remained secure and that the issue was isolated to the integration between Abracadabra and GMX V2. He assured that the Abracadabra team is actively investigating the breach and working to identify the root cause of the vulnerability.
“To clarify, GMX contracts are not affected. It relates to Abracadabra/Spell’s cauldrons based on GMX V2’s GM pools. The contributors are currently looking into the cause, and I’d like to apologise wholeheartedly to anybody negatively affected. This is very unfortunate,” wrote Jonezee.
Abracadabra’s cauldrons are smart contracts that enable DeFi activities such as lending, borrowing, and liquidity provision. These cauldrons rely on GMX V2’s GM pools—liquidity pools provided by users to GMX DEX. This integration with GMX lets Abracadabra use GMX’s liquidity system to support its own products.
The latest update regarding the attack is that the stolen funds have been bridged from Arbitrum (ARB) to Ethereum (ETH) and are currently spread between 3 addresses.
This isn’t the first time Abracadabra has faced security issues in its smart contracts. In January 2024, the Magic Internet Money (MIM) stablecoin, part of the Abracadabra ecosystem, was exploited due to a vulnerability in its contract, allowing attackers to manipulate the price of MIM.
