Particle.news

Download on the App Store

Abracadabra Hit by $1.7 Million Exploit, Its Third in Two Years

Researchers attribute the breach to a cook-function logic flaw that bypassed solvency checks.

Overview

  • The breach drained roughly $1.7–$1.77 million (over 1.79 million MIM) and marks Abracadabra’s third exploit in under two years.
  • Security analysis says the attacker sequenced the cook function by triggering “action 5” then an empty “action 0” to override final solvency validation across six addresses.
  • Abracadabra paused all contracts to limit further losses following the discovery of the attack.
  • Roughly 51 ETH was laundered through Tornado Cash, while the attacker’s wallet 0x1AaaDe still holds about 344 ETH.
  • The DAO said on Discord it will use reserves to repurchase affected MIM, and the project’s official X account has not posted an update.