Abracadabra DeFi Protocol Suffers Third Major Exploit

10/6/2025
by Denislav Manolov
Crypto Expert at Airdrops.com

A Familiar DeFi Nightmare

Abracadabra, the DeFi lending protocol behind the Magic Internet Money (MIM) stablecoin, was struck late Saturday night by yet another attack — its third major exploit since 2024. According to BlockSec Phalcon, the hacker exploited a smart contract vulnerability that allowed them to bypass solvency checks, siphoning off 1.79 million MIM in the process.

The attacker’s wallet was initially funded via Tornado Cash, the notorious Ethereum mixer frequently used to obscure transaction trails. After draining the funds, the hacker swapped the stolen MIM for ETH and promptly sent the proceeds back through Tornado Cash, effectively erasing the money trail.

A DAO contributor known as “0xMerlin” confirmed the incident in the project’s Discord server, saying:

“A potential attack vector was identified today in some deprecated contracts. The issue has been mitigated and closed.”

Team Moves Fast to Contain the Damage

According to 0xMerlin, no user funds were affected, and the lost MIM has already been bought back from the market using the DAO’s treasury. The replacement funds are being held in ETH, awaiting repayment to replenish the treasury.

Despite this swift response, the hack raises renewed concerns about the security of DeFi protocols still running older smart contracts. With roughly 44 million MIM in circulation, most of which trade on Ethereum and Arbitrum, the loss may be small in proportion — but symbolically, it’s another blow to confidence.

The platform currently boasts a Total Value Locked (TVL) of $154 million, meaning the exploit represents just over 1% of its assets. However, given Abracadabra’s troubled history with similar exploits, the reputational damage may be far greater.

Third Major Exploit in 18 Months

This incident marks the third significant breach for Abracadabra in less than two years.

  • In January 2024, the protocol suffered a $6.4 million hack that also leveraged a solvency bypass.
  • In March 2025, a seven-step flash loan attack drained $13 million in MIM.

Combined with the latest breach, Abracadabra’s total losses now exceed $21 million, making it one of the most frequently targeted DeFi projects since 2024.

Security analysts say the pattern suggests systemic weaknesses within the protocol’s smart contract architecture. While Abracadabra has repeatedly vowed to strengthen its infrastructure, the latest attack indicates those measures are still insufficient.

A DAO Under Pressure

Following the latest exploit, Abracadabra’s DAO has pledged to review internal processes and update its security standards. The team has not yet issued a public-facing statement, but members on Discord expressed frustration at the repeated breaches.

Analysts have also pointed out that Abracadabra’s reliance on older codebases may continue to leave it exposed. Despite upgrades, DeFi’s composability — where protocols build on one another’s smart contracts — can make vulnerabilities difficult to isolate or patch.

“This is one of those cases where DeFi’s openness cuts both ways,” one researcher at BlockSec noted. “Transparency helps find bugs — but it also gives attackers a map.”

Lessons for the DeFi World

While $1.8 million may seem minor compared to previous DeFi mega-hacks, Abracadabra’s latest breach underscores how persistent security lapses can erode trust in decentralized finance. As projects race to innovate, robust auditing and contract deprecation remain crucial defenses against repeat attacks.

The Abracadabra DAO says it will publish a full post-mortem once investigations are complete. Until then, investors and users remain wary of whether the platform’s “magic” can ever truly be restored.
