Particle.news
Download on the App Store
3 ARTICLES
·
2h ago

Abracadabra Suffers Third DeFi Exploit, $1.7 Million Drained as Contracts Paused

Investigators attribute the theft to cook function logic that bypassed solvency checks.

Image

Overview

  • Security firms report roughly $1.7–$1.77 million stolen, with more than 1.79 million MIM drained across six addresses.
  • The attacker laundered about 51 ETH through Tornado Cash, and wallet 0x1AaaDe still holds around 344 ETH worth roughly $1.55 million at reporting.
  • Researchers detail a sequence using “action 5” to initiate borrowing and “action 0” to rewrite a check flag, which skipped the final validation step in the cook function.
  • Abracadabra paused contracts to limit further losses, and the DAO plans to deploy reserves to repurchase affected MIM to stabilize the ecosystem.
  • This marks the third major breach in under two years after losses in January 2024 (~$6.5M) and March 2025 (>$13M), with community trust strained as official X channels remain silent.