Recently, a significant hack resulted in the theft of around $13 million from the crypto exchange GMX’s connection with Abracadabra.
On March 25, a blockchain security firm revealed that a serious security breach occurred with GMX decentralized exchange. Specifically, the contracts linked to Abracadabra (Spell) were compromised, resulting in the theft of approximately 6,260 Ethereum (ETH), valued at nearly $13 million based on current market rates.
A representative from GMX, Jonezee, promptly stated that the core contracts of GMX were not impacted, and the issue was limited to the integration between Abracadabra and GMX V2. He reassured that the Abracadabra team is diligently investigating the incident and working to uncover the cause of the vulnerability.
“To clarify, GMX contracts are unharmed. The problem pertains to Abracadabra/Spell’s cauldrons, which are based on GMX V2’s GM pools. The contributors are currently investigating the cause, and I sincerely apologize to anyone adversely affected. This is very unfortunate,” Jonezee expressed.
Abracadabra’s cauldrons are smart contracts that facilitate DeFi activities such as lending, borrowing, and providing liquidity. These cauldrons utilize GMX V2’s GM pools—liquidity pools supplied by users to the GMX decentralized exchange. This integration allows Abracadabra to leverage GMX’s liquidity framework to enhance its own offerings.
The most recent update regarding the breach indicates that the stolen funds have been transferred from Arbitrum (ARB) to Ethereum (ETH) and are currently distributed across three different addresses.
This isn’t the first time Abracadabra has encountered security challenges within its smart contracts. Back in January 2024, the Magic Internet Money (MIM) stablecoin, which is part of the Abracadabra ecosystem, was exploited due to a flaw in its contract, enabling attackers to manipulate MIM’s price.