GMX-Abracadabra Connection Results in $13m Theft

Around $13 million was taken in the recent hack of crypto exchange GMX's integration with Abracadabra.

On March 25, PeckShield, a blockchain security monitoring firm, reported a major security breach of the GMX decentralized exchange. Specifically, the contracts associated with Abracadabra (Spell) were compromised, resulting in the theft of approximately 6,260 Ethereum (ETH), valued at about $13 million based on current market rates.

.@GMX\_IO @MIM\_Spell related contracts have been hacked for ~6,260 ETH (worth ~$13M)

Jonezee, a spokesperson from GMX, promptly clarified that GMX's core contracts were not impacted and that the problem was confined to the integration between Abracadabra and GMX V2. He assured that the Abracadabra team is actively looking into the breach and working to determine the source of the vulnerability.

"To clarify, GMX contracts are not affected. It pertains to Abracadabra/Spell's cauldrons based on GMX V2's GM pools. The contributors are currently investigating the cause, and I'd like to wholeheartedly apologize to anyone who has been negatively affected. This is very unfortunate," wrote Jonezee.

Abracadabra's cauldrons are smart contracts that enable DeFi activities such as lending, borrowing, and liquidity provision. These cauldrons rely on GMX V2's GM pools—liquidity pools provided by users to GMX DEX. This integration with GMX allows Abracadabra to utilize GMX's liquidity system to support its own products.

The latest information regarding the attack is that the stolen funds have been transferred from Arbitrum (ARB) to Ethereum (ETH) and are currently distributed among 3 addresses.

This is not the first time Abracadabra has encountered security issues in its smart contracts. In January 2024, the Magic Internet Money (MIM) stablecoin, which is part of the Abracadabra ecosystem, was exploited due to a vulnerability in its contract, allowing attackers to manipulate the price of MIM.