Crypto Scam: Abracadabra Hacked Again: $1.8M Lost in Latest DeFi Breach

LiveBTCNews

Abracadabra falls victim to its third significant DeFi hack since 2024 as attackers steal $1.8 million through a cook function vulnerability.

Abracadabra, the DeFi lending protocol behind the Magic Internet Money (MIM) stablecoin, was recently hacked for approximately $1.8 million. This is the third major breach of the platform since 2024.

The attacker exploited a logic flaw in Abracadabra's cook function, which executes several operations within a single transaction.

The flaw bypassed the insolvency checks that were meant to prevent excessive borrowing. The attacker exploited it by making six calls to the cook function from six addresses, draining 1.79 million MIM tokens from the protocol.

Flawed Cook Function Leads to Massive Loss

The root weakness lies in how the cook function runs several preset actions that all share the same status.

When action 5 runs, it sets a flag that requires a solvency check. However, a subsequent action 0 clears this flag because its internal update function is empty, so execution bypasses the final insolvency check.

This left the attacker free to overborrow. The stolen MIM tokens were quickly swapped and laundered through Tornado Cash to erase any traces, and some of the proceeds were converted into ETH.
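The flag reset described above, as a simplified Python model added here for illustration (it is not Abracadabra's contract code). The class and method names, the 80% borrow limit and the amounts are assumptions; only the action numbers 5 and 0 come from the article.

```python
# Simplified model of a multi-action "cook" loop (constructed example).
from dataclasses import dataclass

ACTION_BORROW = 5  # per the article: action 5 sets the solvency-check flag
ACTION_CUSTOM = 0  # per the article: action 0 reaches an empty internal hook

@dataclass
class CookStatus:
    needs_solvency_check: bool = False

class Insolvent(Exception):
    pass

class Vault:  # hypothetical name, stands in for one lending market
    def __init__(self, collateral, max_ltv=0.8, hardened=False):
        self.collateral = collateral
        self.debt = 0
        self.max_ltv = max_ltv  # assumed borrow limit
        self.hardened = hardened

    def _additional_action(self, status):
        # Empty hook. The vulnerable variant returns a fresh status object,
        # silently discarding a flag that an earlier action set.
        return status if self.hardened else CookStatus()

    def is_solvent(self):
        return self.debt <= self.collateral * self.max_ltv

    def cook(self, actions):
        status = CookStatus()
        debt_before = self.debt
        for action, amount in actions:
            if action == ACTION_BORROW:
                self.debt += amount
                status.needs_solvency_check = True
            elif action == ACTION_CUSTOM:
                status = self._additional_action(status)
        # Hardened variant: also check whenever debt rose, independent of the flag.
        must_check = status.needs_solvency_check or (
            self.hardened and self.debt > debt_before)
        if must_check and not self.is_solvent():
            self.debt = debt_before  # model a transaction revert
            raise Insolvent("borrow exceeds collateral limit")
        return self.debt
```

In the vulnerable variant a borrow followed by action 0 returns with the debt in place and no check run; the hardened variant reverts the same sequence because the check no longer depends on state that a later action can overwrite.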

Third Major Exploit Raises DeFi Alarm Bells

This latest hack of Abracadabra is not the only one. The protocol has suffered two earlier attacks: one in January 2024, causing a loss of $6.5 million, and another in March 2025, resulting in a loss of about $13 million. Both incidents involved sophisticated smart contract vulnerabilities that attackers exploited to empty wallets.

Abracadabra's decentralized autonomous organization (DAO) responded promptly after the recent breach.

To stabilize the platform, it fixed the exposed contracts and bought the stolen MIM back from the market.

On X, the DAO representative 0xMerlin told users that the attack did not directly affect their own funds and that they are strengthening their internal security.

This third breach raises questions about the security of smart contracts in DeFi.

Analysts also highlight that regulators should strictly apply solvency checks and independently verify transaction statuses to prevent this type of mischief in multi-action transactions.
