Abracadabra Finance has reported a major security exploit targeting its gmCauldron smart contracts, leading to a theft of approximately $13 million. The company is actively working to recover the stolen funds and has temporarily disabled borrowing across all cauldrons to prevent further breaches.
Details of the Security Breach
The attack, initially identified by a blockchain security firm, exploited vulnerabilities in the integration between Abracadabra Finance’s lending contracts and the GMX decentralized exchange. Despite the security measures in place, the breach was only detected after multiple transactions were executed by the attacker.
“The full damage of the attack is currently being assessed. We are collaborating with Guardian Audits, GMX, and other security experts to understand the execution of the hack,” Abracadabra Finance stated.
Security Measures and Response
Abracadabra Finance highlighted that its gmCauldrons had undergone audits by Guardian Audits before deployment and were integrated with advanced security monitoring systems, including Zeroshadow tracking and Hexagate response tools. However, the breach was flagged only after the attacker leveraged vulnerabilities to siphon funds.
The Zeroshadow team eventually alerted Abracadabra Finance, prompting an immediate shutdown of borrowing functions across all cauldrons to mitigate the impact. Blockchain analytics firm Chainalysis has been enlisted to trace the stolen assets, which have reportedly been bridged from Arbitrum (ARB) to Ethereum (ETH) and consolidated into multiple wallet addresses.
Bug Bounty Offer to the Attacker
In a bid to recover the stolen funds, Abracadabra Finance has offered the attacker a 20% bug bounty as an incentive to return the remaining assets. The company issued the following statement:
“To the hacker, we are happy to entertain negotiations for a bug bounty of 20% of the total. Reach out at reward@abracadabra.money or on-chain to our treasury address on ETH 0xDF2C270f610Dc35d8fFDA5B453E74db5471E126B.”
Next Steps in the Investigation
Abracadabra Finance has assured users that a comprehensive post-mortem report will be released once the investigation concludes. The company is working closely with blockchain security firms and industry peers to identify the root cause of the exploit and prevent future occurrences.
This incident serves as a reminder for cryptocurrency investors and companies to prioritize security measures and conduct regular audits. Beginners and intermediate-level investors should remain vigilant when interacting with decentralized finance (DeFi) platforms and ensure they understand the risks associated with such technologies.