
Crypto Scam: Abracadabra Hacked Again: $1.8M Lost in Latest DeFi Breach


Abracadabra has suffered its third significant DeFi hack since 2024, with attackers stealing $1.8 million through a vulnerability in its cook function.

The Magic Internet Money (MIM) stablecoin, which is based on the DeFi lending protocol Abracadabra, was recently hacked for approximately $1.8 million. This is the third major breach of the platform since 2024.

The attacker took advantage of a logic flaw in Abracadabra's cook function, which executes several operations within a single transaction.

The flaw bypassed the insolvency checks that were meant to prevent excessive borrowing. The attacker exploited it by making six calls to the cook function from six addresses, draining 1.79 million MIM tokens from the protocol.

Flawed Cook Function Causes Massive Loss

The fundamental weakness lies in how the cook function executes several predefined actions that all share the same status.

Action 5 sets a solvency-check flag when it runs. However, a subsequent action 0 clears this flag because its internal update function is empty, so the transaction skips the final insolvency check.

This left the attacker free to overborrow. The stolen MIM tokens were quickly swapped and laundered through Tornado Cash to erase any traces, and some of the proceeds were converted into ETH.
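The flag-reset flaw described above can be reproduced in a small model that places the flawed status handling beside a hardened variant, in which the solvency-check flag can be set but never cleared within a transaction. This is an added example, not Abracadabra's contract code. The names `Vault`, `Status`, `empty_update` and `cook`, the amounts, and the debt-versus-collateral rule are assumptions made for illustration; only the action numbers 5 and 0 come from the article.

```python
from dataclasses import dataclass, replace

ACTION_BORROW = 5  # per the article: sets the solvency-check flag
ACTION_ZERO = 0    # per the article: reaches an empty internal update function

class Insolvent(Exception):
    """Stands in for a transaction revert."""

@dataclass
class Status:
    needs_solvency_check: bool = False

@dataclass
class Vault:
    collateral: int
    debt: int = 0

def empty_update(_status: Status) -> Status:
    # Empty hook: ignores what earlier actions recorded and returns defaults.
    return Status()

def cook(vault: Vault, actions, hardened: bool) -> Vault:
    """Run all actions on a copy; return the new state or raise Insolvent."""
    state, status = replace(vault), Status()
    for action, amount in actions:
        if action == ACTION_BORROW:
            state.debt += amount
            status.needs_solvency_check = True
        elif action == ACTION_ZERO:
            returned = empty_update(status)
            if hardened:
                # Sticky flag: a later action may set it but never clear it.
                status.needs_solvency_check |= returned.needs_solvency_check
            else:
                status = returned  # flaw: the shared status is overwritten
    # Final check, modelled as debt <= collateral (assumed ratio).
    if status.needs_solvency_check and state.debt > state.collateral:
        raise Insolvent("debt exceeds collateral")
    return state

def is_rejected(actions, hardened: bool) -> bool:
    # Constructed sample vault: 100 units of collateral, no debt.
    try:
        cook(Vault(collateral=100), actions, hardened)
        return False
    except Insolvent:
        return True
```

A regression test for this class of bug asserts that every action sequence containing a borrow reaches the final solvency check, whatever actions follow it.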

Third Major Incident Raises DeFi Alarm Bells

This hack is not Abracadabra's first. The protocol has suffered two attacks before, one in January 2024, causing a loss of $6.5 million, and another in March 2025, resulting in a loss of about $13 million. Both of these incidents involved sophisticated smart contract vulnerabilities that attackers exploited to empty wallets.

The decentralized autonomous organization (DAO) of Abracadabra responded promptly after the recent breach.

To stabilize the platform, they fixed the exposed contracts and bought the stolen MIM back from the market.

On X, the DAO representative 0xMerlin told users that the attack did not directly affect their own funds and that they are strengthening their internal security.

This third breach raises questions about the security of smart contracts in DeFi.

Analysts also stress that regulators should strictly apply solvency checks and independently verify transaction statuses to prevent this type of abuse in multi-action transactions.
