Magic Internet Money, a decentralised and collateral-backed stablecoin issued by the Abracadabra DeFi lending platform, dramatically fell to $0.84 on January 30, marking a record low according to CoinGecko data. Coinmarketcap reports that the price fell as low as $0.76 at one point, but at the time of writing, the token was trading at $0.97 and continuing to rise.
The price drop happened right after PeckShield, a blockchain security and data analytics company, reported a $6.5 million exploit of the MIM token. The company suggested that the attack was initially funded with 1 ETH from Tornado Cash. CertiK, Web3's smart contract auditor, confirmed the exploit and stated that according to early indications, a rounding bug in the protocol was the root cause.
The attacker used Cauldrons V3 & V4, which facilitate the lending and borrowing of crypto assets. At the time of writing, the borrowing limits have been set to zero for these cauldrons. Repeatedly using discrepancies between methods of tracking borrowed assets, the hacker made the protocol underestimate the debt, swapped stolen MIM for Ethereum, and transferred it to two wallets.
The Abracadabra ecosystem confirmed the export involving certain cauldrons on Ethereum and promised that the DAO treasury would be “buying back MIM from the market to the best of its ability to then burn.” The developers later tweeted that the issue was fully mitigated and no user collateral was at risk. The team also reported that Chainalysis is providing help with the issue, due to a Crypto Incident Response partnership forged between the two companies in March 2023 to enhance the protocol's security. The Abracadabra team has also managed to reach the suspected hacker via an on-chain message, but no reply has been published yet:
“Hello, we are addressing the recent security issue you identified in our system. We’re inclined to believe your actions were motivated by white hat intentions, and we’re keen to engage in a dialogue about the situation. For mutual assurance, we kindly ask that you provide an on-chain signature along with your initial response… Eagerly awaiting our conversation.”
According to our Observations, the MIM stablecoin is not always as stable as it is supposed to be. It has lost its peg to the U.S. dollar multiple times over the years. Both the Terra and FTX collapses had their toll on the token: in June 2022, the MIM stablecoin lost its dollar peg due to a reported $12 million of bad debt following the collapse of the Terra ecosystem. Later after the FTX fallout, a second short depeg happened, but unlike many other projects, MIM managed to survive the storm and recover in both cases.
Hopefully it won't prove third time unlucky for Abracadabra.