Overview
- The breach drained roughly $1.7–$1.77 million (over 1.79 million MIM) and marks Abracadabra’s third exploit in under two years.
- Security analysis says the attacker sequenced the cook function by triggering “action 5” then an empty “action 0” to override final solvency validation across six addresses.
- Abracadabra paused all contracts to limit further losses following the discovery of the attack.
- Roughly 51 ETH was laundered through Tornado Cash, while the attacker’s wallet 0x1AaaDe still holds about 344 ETH.
- The DAO said on Discord it will use reserves to repurchase affected MIM, and the project’s official X account has not posted an update.