Abracadabra Money, a lending platform that operates across different blockchains, has confirmed a significant exploit worth $6.49 million. The exploit involved the protocol’s Ethereum cauldrons, which enable users to borrow the Magic Internet Money (MIM) stablecoin using various assets as collateral.
The MIM development team has acknowledged the exploit and is currently investigating the matter. They have announced that the protocol’s governing body intends to compensate the victims by implementing a buy-back and burn process.
Blockchain security firm PeckShield first detected the $6.49 million exploit on Tuesday. The unknown attacker initially funded the attack with 1 Ether (ETH) through the cryptocurrency mixer Tornado Cash, according to PeckShield.
Shortly after the exploit was reported, the value of MIM, a stablecoin pegged to the United States dollar and based on an algorithmic model, dropped below its peg. It fell to $0.77 but has since recovered to its current value of $0.94, as per CoinMarketCap data.
A report from CertiK, another blockchain security firm, suggested that the exploit may have been caused by a “rounding issue.” The attacker repeatedly executed the “userBorrowPart()” function, followed by “repay()” from the protocol’s v4 cauldrons. This process allowed the attacker to borrow and repay loans repeatedly, ultimately draining funds from the contract.
It is worth noting that Magic Internet Money faced depegging issues in 2022 due to the collapse of the Terra ecosystem. In August, the protocol raised the interest rate on the coin by 200% as a risk management measure in response to issues with the Curve protocol.