Catenaa, Saturday, October 11, 2025-DeFi lending protocol Abracadabra reported the theft of nearly $1.8 million in its decentralized stablecoin Magic Internet Money (MIM) after an attacker exploited a smart contract flaw bypassing solvency checks.
The breach, which occurred late Saturday, marks the third major hack for Abracadabra since early 2024.
Security firm BlockSec Phalcon said the attacker manipulated a function in deprecated contracts, extracting 1.79 million MIM.
Funds were routed through Tornado Cash and swapped for ETH before returning to the mixer, obscuring the transaction trail.
Abracadabra confirmed that no user funds were affected. DAO contributor 0xMerlin said the protocol used treasury funds to repurchase the stolen MIM and plans to recover the value in ETH.
The platform currently holds a total value locked of $154 million and a circulating MIM supply near 44 million tokens across Ethereum and Arbitrum.
Previous attacks on Abracadabra include a $6.4 million exploit in January 2024, and a March 2025 seven-step flash loan hack costing $13 million, bringing cumulative losses to over $21 million since 2024. The team is reviewing internal processes to prevent future exploits.
Abracadabra has not issued a public statement, and representatives could not be reached for comment.
