DeFi lending protocol Abracadabra suffered another security breach late on October 4, resulting in the loss of approximately $1.8 million worth of cryptocurrencies. The attack exploited a smart contract vulnerability, though the project’s team has stated that user funds remain safe.
.@MIM_Spell was attacked hours ago, resulting in a loss of ~$1.7M. The root cause stems from the flawed implementation logic of the cook function, which allows users to execute multiple predefined operations in a single transaction. Specifically, the actions share a common… pic.twitter.com/4tQzkRbwcT
— BlockSec Phalcon (@Phalcon_xyz) October 4, 2025
Third Major Hack Raises Questions About Protocol Security
This incident marks Abracadabra’s third major exploit since 2024. The protocol previously lost $6.4 million in January 2024 and $13 million in March 2025, bringing total damages to over $21 million.
Repeated attacks have severely damaged investor trust in Abracadabra’s security infrastructure. Further concerns arose as the project’s official X (formerly Twitter) account has not been updated since early September, drawing criticism for poor transparency and crisis communication.
According to blockchain security firm CertiK, crypto-related hacks in Q3 2025 alone have led to $307 million in total losses across global DeFi platforms. The latest breach underscores the systemic security vulnerabilities that continue to plague the decentralized finance sector.
How the Attack Happened
Blockchain analytics firm BlockSec Phalcon revealed that attackers exploited a flaw in Abracadabra’s “cook” function, which enables multiple operations in a single transaction. The attacker combined a borrow command with a null update to bypass repayment verification, allowing them to illicitly withdraw 1.79 million Magic Internet Money (MIM), Abracadabra’s native stablecoin.
The stolen funds were converted to Ethereum (ETH) and laundered through the Tornado Cash mixer to obscure the transaction trail.
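The batched-operation flaw described above can be modelled in a few lines. This is an added example in Python, not Abracadabra's contract code: it assumes the state shared between actions is a single "solvency check pending" flag, and the action names, the Market class and both functions are hypothetical.

```python
# Simplified model, constructed for illustration; action names are hypothetical.
BORROW, NOOP_UPDATE = "borrow", "noop_update"

class Insolvent(Exception):
    """Raised when a batch would leave debt above collateral value."""

class Market:
    def __init__(self, collateral_value):
        self.collateral_value = collateral_value
        self.debt = 0

    def solvent(self):
        return self.debt <= self.collateral_value

def _finish(market, start_debt, needs_check):
    # End-of-batch check; restore state on failure, as a reverted transaction would.
    if needs_check and not market.solvent():
        market.debt = start_debt
        raise Insolvent("batch leaves position undercollateralised")
    return market.debt

def cook_flawed(market, actions):
    """Every action writes the shared flag, so a later action can clear it."""
    start_debt, needs_check = market.debt, False
    for name, amount in actions:
        if name == BORROW:
            market.debt += amount
            needs_check = True
        elif name == NOOP_UPDATE:
            needs_check = False  # flaw: a do-nothing step resets the pending check
    return _finish(market, start_debt, needs_check)

def cook_hardened(market, actions):
    """The flag is sticky (set, never cleared) and unknown actions are rejected."""
    start_debt, needs_check = market.debt, False
    for name, amount in actions:
        if name == BORROW:
            market.debt += amount
            needs_check = True
        elif name != NOOP_UPDATE:
            market.debt = start_debt
            raise ValueError(f"unknown action {name!r}")
    return _finish(market, start_debt, needs_check)
```

The property worth testing in any batch executor is the one the hardened version enforces: no ordering of permitted actions may end with debt above collateral value.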
DAO Takes Emergency Measures
Following the exploit, the Abracadabra DAO immediately suspended affected contracts and deployed treasury funds to repurchase MIM from the market, successfully maintaining its USD peg.
While this quick response prevented broader contagion, experts note that the recurrence of similar attack vectors indicates deep-rooted risk management flaws within the protocol.
Cybersecurity professionals are calling for stricter code audits, simulation stress tests, and standardized DeFi security frameworks across the industry to prevent future incidents.
Industry Impact of Abracadabra’s Repeated Exploits
Abracadabra’s repeated exploits add pressure on other DeFi protocols to strengthen internal controls amid rising regulatory and user scrutiny. As decentralized finance expands, security is emerging as the new competitive frontier. For example, a secure wallet is essential to protect your cryptocurrencies.
