Abracadabra appears to have been hacked for the third time in two years

Abracadabra Money, an omnichain DeFi lending platform behind the Magic Internet Money (MIM) stablecoin, has reportedly suffered another exploit resulting in the loss of roughly $1.7 million in digital ￰0￱ claim, posted by several researchers on X, marks the latest security incident for the project, which has previously been targeted by ￰1￱ to Vladimir S ., a blockchain threat researcher with the X handle, @officer_cia, the protocol was drained of $1.7 million before the attacker transferred the stolen funds into Tornado ￰2￱ researcher’s claim followed an earlier post on X by Weilin William Li (@hklst4r), who had flagged the incident as a vulnerability in Abracadabra’s smart contracts but stopped short of confirming the exploit at the ￰3￱ in ‘solvency check’ logic Li said the suspected attacker may have exploited a flaw in the protocol’s logic that allowed them to bypass a solvency check, a safeguard designed to ensure that borrowers cannot withdraw more funds than they are entitled to.

“It seems Abracadabra @MIM_Spell is hacked again,” Li wrote . “This time a more obvious vulnerability, where an ‘else’ branch clears the status variables and sets ‘needSolvencyCheck’ to false by default.” Li also implied that Abracadabra Money was already aware of the situation as he wrote “They have paused all their contracts now,” while cautioning that his findings were preliminary and could be subject to ￰4￱ Money is a familiar target for hackers If confirmed, this would be the third exploit the platform has suffered in roughly two ￰5￱ first was in January 2024, when it suffered a $6.49 million ￰6￱ exploit caused its MIM stablecoin to lose its peg to the US ￰7￱ second exploit occurred in March 2025; the protocol lost an estimated $13 million after attackers exploited vulnerabilities in its “cauldron” smart contracts tied to GMX.

That’s the largest breach the platform has suffered to date, and it caused Abracadabra to pause borrowing across its ecosystem and offered a 20% bounty to the hackers for the safe return of funds. DeFi’s persistent security challenges Abracadabra Money’s recurring vulnerabilities have drawn criticism from parts of the DeFi ￰8￱ relatively modest amount involved, $1.7 million compared to earlier multi-million-dollar DeFi exploits, may indicate a partial drain or that the vulnerability was discovered and mitigated before further damage ￰9￱ estimated $307 million is reported to have been stolen from crypto platforms globally in the third quarter (Q3) of 2025, with DeFi exploits coming second after centralized exchanges, according to data shared by ￰10￱ is an improvement to the figures that were lost to exploits in Q2 and ￰11￱ year alone has seen over $3 billion lost to ￰12￱ Q4 just starting, Abracadabra Money is one of the first casualties of the ￰13￱ of the time of writing, Abracadabra Money has yet to issue an official statement addressing the reported ￰14￱ your project in front of crypto’s top minds?

Feature it in our next industry report, where data meets impact.