Abracadabra Suffers $1.8 Million DeFi Hack in Third Major Attack Since 2024
Abracadabra, a popular decentralized finance (DeFi) lending protocol known for issuing its decentralized stablecoin Magic Internet Money (MIM), has been hit by its third significant hack since early 2024. This recent cyberattack saw hackers steal nearly $1.8 million worth of MIM by exploiting a vulnerability in the protocol's smart contract.
What Happened? The Details of the $1.8 Million Abracadabra DeFi Hack
The attack took place late on a Saturday night when an unknown hacker took advantage of a flaw in Abracadabra’s smart contract system. This weakness allowed the attacker to bypass critical solvency checks a safeguard designed to prevent borrowing beyond a user’s collateral value. Exploiting this loophole, the hacker managed to borrow an excessive amount of Magic Internet Money tokens, totaling approximately 1.79 million MIM.
Security firm BlockSec Phalcon confirmed the details of the exploit and traced the attacker’s initial transaction funding through Tornado Cash, a cryptocurrency mixing protocol often used to enhance transaction privacy and obfuscate funds’ origin. After stealing the MIM tokens, the hacker swapped them for Ethereum (ETH) and sent the ETH back through Tornado Cash to cover their tracks.
Abracadabra's Response: Protecting User Funds and Fixing the Vulnerability
The Abracadabra team, through a member known as 0xMerlin on the protocol’s Discord server, quickly disclosed that the attack targeted some deprecated smart contracts. Immediate action was taken to patch the issues and close the vulnerability.
Importantly, Abracadabra confirmed that user funds remain unaffected by the hack. The stolen MIM tokens were bought back from the open market using the DAO treasury funds, with plans to repay the treasury in ETH shortly. This means protocol users do not bear any direct losses from this cyberattack.
What Is Magic Internet Money (MIM) and Abracadabra Protocol?
Magic Internet Money (MIM) is a decentralized stablecoin primarily operating on the Ethereum blockchain and its Layer 2 scaling solution Arbitrum. With a circulating supply of nearly 44 million tokens, MIM is an integral part of the Abracadabra DeFi ecosystem.
Abracadabra itself is a DeFi lending platform that allows users to borrow MIM against interest-bearing collateral assets. The protocol has grown in popularity due to its innovative stablecoin mechanics and a current total value locked (TVL) of around $154 million.
Abracadabra’s History of DeFi Hacks: Over $21 Million Lost Since 2024
This latest attack adds to Abracadabra’s troubling record with DeFi security. Since the beginning of 2024, the protocol has suffered three major security breaches resulting in total losses exceeding $21 million.
The first hack, in January 2024, exploited a similar vulnerability in the protocol’s smart contracts, breaching insolvency checks and resulting in a $6.4 million loss.
The second major incident, in March 2025, was a complex flash loan attack executed in seven steps, which siphoned off $13 million worth of MIM tokens from the protocol.
These repeated exploits have raised concerns about the security standards of DeFi platforms and the risks posed to decentralized stablecoins like MIM.
Future Measures: Strengthening Abracadabra’s Security
In response to the latest breach, 0xMerlin announced the Abracadabra development team is conducting a thorough review of its internal processes. This review aims to bolster the protocol’s defenses and prevent similar security gaps from being exploited in the future.
As of now, Abracadabra has not released a formal public statement, and attempts to reach the team for further comment have been unsuccessful. However, the quick action to buy back stolen tokens and close off exploited contract vulnerabilities shows a strong commitment to protecting users and the protocol’s stability.
What This Means for the DeFi Community and Investors
Abracadabra’s repeated hacks serve as a cautionary tale about the risks inherent in the rapidly evolving DeFi ecosystem. While decentralized lending protocols offer innovative ways to earn yield and borrow assets, they remain attractive targets for sophisticated cybercriminals exploiting smart contract vulnerabilities.
DeFi users and investors need to stay vigilant and consider security reputation as a significant factor when choosing platforms. Meanwhile, Abracadabra’s efforts to fix weaknesses and cover losses with DAO funds may help restore some trust but underline the urgent need for more robust security frameworks in the decentralized finance sector.
