Hacking incidents involving cryptocurrency protocols are on the rise, providing a convenient avenue for criminals to carry out heists without leaving a trace. Recent examples illustrate the challenge of moving billions of dollars through traditional bank accounts due to advanced security. Yet, in the realm of cryptocurrency, such exploits are conceivable. The latest victim is the Abracadabra stablecoin platform, which has suffered significant losses.
SPELL Attack
A report from GoPlus Security disclosed that Abracadabra (SPELL), a stablecoin and lending platform, was attacked, resulting in a loss of $1.77 million. As crypto cybersecurity firms become integral to our lives, more companies now monitor abnormal activities, making it easier to detect previously elusive activities and recognize even smaller intrusions. The cybersecurity team noted that the MIM_Spell X account had not been updated since September 9, following the attack.
The contract address related to the attack, 0xB8e0A4758Df2954063Ca4ba3d094f2d6EdA9B993, self-destructed after the incident, while the hacker’s address was 0x1AaaDe3e9062d124B7DeB0eD6DDC7055EFA7354d.
The attacked contract 0xd96f48665a1410c0cd669a88898eca36b9fc2cce belonged to Abracadabra Money.
“After completing the attack transaction, 51 ETH was transferred to TornadoCash. The attacker’s address (0x1AaaDe) still holds around 344 ETH (~$1.55 million) in unmoved assets.
The team subsequently communicated with the Discord community, stating that DAO reserve funds would be used to repurchase the affected MIMs. However, no updates have been posted on the official Twitter account for nearly a month.” – GoPlus Security
Warnings for Cryptocurrency Enthusiasts
Centralized platforms like FTX pose risks of fraud and disappearances, provoking increased attention towards DeFi after the collapse of 2022. However, DeFi harbors a more significant issue; unlike centralized exchanges monitored and audited, many decentralized platforms fail to conduct adequate penetration tests or allocate sufficient budget for high-level code audits, leaving them vulnerable to hacks.
Unlike hacked websites, which can be restored with backups, if a cryptocurrency protocol is hacked, the assets are irretrievably lost due to blockchain‘s irreversible nature. Therefore, distributing risk between centralized exchanges and DEX can be advisable.
Abracadabra Money was previously attacked twice due to security vulnerabilities in its contracts. Evidently, it failed to allocate the necessary budget for code review and vulnerability mitigation. Alternatively, could it be a case of self-inflicted hacks resembling bank executives siphoning funds? Such events have occurred in the crypto world before.
