
$6.5M Abracadabra Exploit Led to Magic Internet Money Stablecoin Depeg

The network was exploited via a rounding bug. The stablecoin fell to an all-time low but is already on the way to recovering its peg to the U.S. dollar.


Magic Internet Money, a decentralised and collateral-backed stablecoin issued by the Abracadabra DeFi lending platform, dramatically fell to $0.84 on January 30, marking a record low according to CoinGecko data. CoinMarketCap reports that the price fell as low as $0.76 at one point, but at the time of writing, the token was trading at $0.97 and continuing to rise.

The price drop happened right after PeckShield, a blockchain security and data analytics company, reported a $6.5 million exploit of the MIM token. The company suggested that the attack was initially funded with 1 ETH from Tornado Cash. CertiK, Web3's smart contract auditor, confirmed the exploit and stated that according to early indications, a rounding bug in the protocol was the root cause.

💡
Rounding (roundoff) errors result from a computer's inability to represent some numbers exactly. The error appears when a number is rounded to one with fewer decimal places.

The attacker used Cauldrons V3 & V4, which facilitate the lending and borrowing of crypto assets. At the time of writing, the borrowing limits have been set to zero for these cauldrons. Repeatedly using discrepancies between methods of tracking borrowed assets, the hacker made the protocol underestimate the debt, swapped stolen MIM for Ethereum, and transferred it to two wallets.
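To make the rounding point concrete, here is an added example (not code from Abracadabra or from this article): a generic share-based debt ledger, assumed for illustration, showing how flooring an integer conversion can record less debt than was lent, and how rounding up plus an invariant check closes the gap. All function names and figures are constructed.

```python
# Added illustration of integer rounding in share-based debt accounting.
# Generic model with constructed numbers; not Abracadabra's contract code.

def to_shares(amount: int, total_amount: int, total_shares: int, round_up: bool) -> int:
    """Convert a token amount into debt shares using integer arithmetic only."""
    if total_shares == 0 or total_amount == 0:
        return amount  # no usable ratio yet: one share per token
    quotient, remainder = divmod(amount * total_shares, total_amount)
    return quotient + 1 if (round_up and remainder) else quotient


def to_amount(shares: int, total_amount: int, total_shares: int) -> int:
    """Value debt shares in tokens at the current ratio (floored)."""
    if total_shares == 0:
        return shares
    return shares * total_amount // total_shares


def unrecorded_debt(amount: int, total_amount: int, total_shares: int, round_up: bool) -> int:
    """Tokens lent out that the borrower's recorded shares do not cover."""
    shares = to_shares(amount, total_amount, total_shares, round_up)
    return max(0, amount - to_amount(shares, total_amount, total_shares))


def record_borrow(amount: int, total_amount: int, total_shares: int) -> tuple[int, int]:
    """Hardened bookkeeping: round debt up, then check the debt invariant."""
    shares = to_shares(amount, total_amount, total_shares, round_up=True)
    if to_amount(shares, total_amount, total_shares) < amount:
        # Reached only in an inconsistent ledger (shares exist, zero debt recorded).
        raise ValueError("recorded debt would be lower than the amount lent")
    return total_amount + amount, total_shares + shares


if __name__ == "__main__":
    # Constructed ledger states: (total_amount, total_shares, borrow amount)
    for state in [(1_000, 1_000, 7), (1_000, 900, 11), (1_000_000, 3, 333_333)]:
        total_amount, total_shares, amount = state
        print(state,
              "floor gap:", unrecorded_debt(amount, total_amount, total_shares, False),
              "ceil gap:", unrecorded_debt(amount, total_amount, total_shares, True))
```

The gap under floor rounding grows as the amount-to-share ratio becomes more skewed, which is why lending code conventionally rounds debt in the protocol's favour.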

The Abracadabra ecosystem confirmed the exploit involving certain cauldrons on Ethereum and promised that the DAO treasury would be “buying back MIM from the market to the best of its ability to then burn.” The developers later tweeted that the issue was fully mitigated and no user collateral was at risk. The team also reported that Chainalysis is providing help with the issue, due to a Crypto Incident Response partnership forged between the two companies in March 2023 to enhance the protocol's security. The Abracadabra team has also managed to reach the suspected hacker via an on-chain message, but no reply has been published yet:

“Hello, we are addressing the recent security issue you identified in our system. We’re inclined to believe your actions were motivated by white hat intentions, and we’re keen to engage in a dialogue about the situation. For mutual assurance, we kindly ask that you provide an on-chain signature along with your initial response… Eagerly awaiting our conversation.”
🏦
Last summer, the developers of the platform put forward a proposal for a centralized legal entity, instead of a DAO, to take over certain management functions. The latest update shows that the DAO has voted to select the Swiss association that will act as its legal representative, allowing Abracadabra Money DAO to interact with centralized entities.

According to our observations, the MIM stablecoin is not always as stable as it is supposed to be. It has lost its peg to the U.S. dollar multiple times over the years. Both the Terra and FTX collapses took their toll on the token: in June 2022, the MIM stablecoin lost its dollar peg due to a reported $12 million of bad debt following the collapse of the Terra ecosystem. Later, after the FTX fallout, a second short depeg happened, but unlike many other projects, MIM managed to survive the storm and recover in both cases.

MIM to USD. Source: CoinGecko

Hopefully it won't prove third time unlucky for Abracadabra.
