The attack specifically targeted the smart contract of the project and exploited security vulnerabilities within multiple liquidity pools of MagicBank.
BlockSec, a renowned security firm, has verified the hacking incident with the Abracadabra project’s smart contracts and identified a rounding issue that caused a “loss of precision.” Based on their assessment, as of Tuesday evening, January 30, an estimated $29 million in assets still remained within the compromised contracts.
“Our analysis indicates that the root cause lies in a loss of accuracy, which allowed the attacker to bypass solvency checks and borrow a significant amount of tokens with minimal collateral. The project and its users are currently at risk, necessitating immediate action,” stated BlockSec’s CTO, Lei Wu.
Cybersecurity specialists from CyProtect further revealed that upon initial analysis of the exploit, they were able to trace the attacker’s address, which had received over 1,800 ETH worth nearly $4 million.
The Abracadabra Finance team has acknowledged the incident and promptly initiated measures to rectify the exploit.
In a separate incident, Somesing, a South Korean cryptocurrency platform, fell victim to a hacking attack, resulting in a loss of approximately 730 million SSX tokens valued at over $11.5 million.