The decentralized finance (DeFi), Abracadabra, is dealing with a cyberattack that resulted in the theft of nearly $13 million worth of cryptocurrency. The Abracadabra cyberattack, which targeted the platform’s “gmCauldrons,” has shaken the cryptocurrency market particularly those that rely on liquidity tokens from decentralized exchanges like GMX.
Decoding the Abracadabra Cyberattack
The cyberattack on Abracadabra occurred in March 2025 and drained 6,260 ETH, valued at approximately $12.98 million at the time. The exploit was flagged by blockchain security firm PeckShield, which identified suspicious transactions involving contracts from Abracadabra and decentralized exchange GMX. These contracts were connected to gmCauldrons, isolated lending markets within Abracadabra that allowed users to borrow against crypto collateral.
The gmCauldrons in question were designed to use GM tokens—liquidity positions from GMX—however, it was these specific cauldrons, not the GMX platform itself, that were compromised. GMX, which operates as a decentralized exchange, distanced itself from the incident.
According to GMX Communications Contributor Jonezee, “To clarify, GMX contracts are not affected. The exploit relates solely to Abracadabra’s gmCauldrons based on GMX V2’s GM pools. We’re deeply sorry for anyone affected by this unfortunate situation.”
Abracadabra’s Response to the Attack
Following the breach, Abracadabra quickly issued a statement acknowledging the exploit, assuring its users that no collateral was affected, and only the gmCauldrons had been targeted. The platform explained that its gmCauldrons had undergone rigorous auditing by Guardian Audits, the same firm responsible for auditing GMX’s core contracts. Despite these security measures, the cyberattack on Abracadabra wasn’t detected until the hacker had already executed several transactions.
Abracadabra’s team moved quickly to mitigate the damage. With the help of Zeroshadow, a security firm, the team turned off all borrows to the affected cauldrons to prevent further exploitation. They also confirmed that funds from the attack were consolidated across three addresses, and they were in close contact with Chainalysis, a blockchain forensics firm, to trace the stolen funds.
To resolve the situation, Abracadabra has even offered the hacker a 20% bug bounty, with an invitation to negotiate the return of the funds. A message was sent via on-chain communication, and the protocol shared an email address for the hacker to contact them if they wished to discuss the matter further. Abracadabra also stated that a full post-mortem report would be provided once the investigation is concluded.
A Broader Look at the Abracadabra Data Breach and the Impact on GMX
While the exploit was primarily confined to Abracadabra’s gmCauldrons, it has stirred up concerns within the broader DeFi community. GMX, which was not directly impacted by the breach, clarified that the attack was restricted to Abracadabra’s infrastructure. GMX reiterated that its contracts were secure and unaffected by the cyberattack on Abracadabra. GMX, a popular decentralized exchange, offers users the ability to trade assets like BTC, ETH, and SOL with up to 100x leverage, directly from their wallets.
Jonezee of GMX explained, “We believe the issue relates solely to the Abracadabra/Spell cauldrons. These cauldrons allow for borrowing against specific GM liquidity tokens, but the GMX platform itself has not been compromised.”
Security experts have been working together to investigate the cause of the exploit, including teams from Guardian Audits, GMX, and other security researchers. The full details of how the exploit was carried out remain under investigation.
Tracking the Stolen Funds
As of the latest update, the stolen funds from the Abracadabra data breach have been consolidated across three wallets, with the addresses being tracked by Chainalysis and Zeroshadow’s monitoring team. The stolen cryptocurrency, which includes 6,260 ETH, was bridged to the Ethereum network and distributed across multiple addresses, making it more difficult to trace the movement of the funds. The addresses identified in the attack include:
- 0x018182FD7B856AeE1606D7E0AA8bca10F1Cb0b5d
- 0xa8f822E937C982e65b0437Ac81792a3AdA76A1ff
- 0x047C2a3dd1Ab4105B365685d4804fE5c440B5729
Despite the complex nature of the hack, Abracadabra’s security infrastructure, including partnerships with Zeroshadow and Chainalysis, has played a crucial role in tracking the movement of the stolen funds.
