{"id":12982,"date":"2025-10-09T12:53:05","date_gmt":"2025-10-09T12:53:05","guid":{"rendered":"https:\/\/bitunikey.com\/news\/abracadabra-1-8m-hack-repeats-earlier-fork-flaw-hacken-reveals\/"},"modified":"2025-10-09T12:53:11","modified_gmt":"2025-10-09T12:53:11","slug":"abracadabra-1-8m-hack-repeats-earlier-fork-flaw-hacken-reveals","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/abracadabra-1-8m-hack-repeats-earlier-fork-flaw-hacken-reveals\/","title":{"rendered":"Abracadabra $1.8m hack repeats earlier fork flaw, Hacken reveals"},"content":{"rendered":"<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">DeFi protocol Abracadabra lost $1.8 million after an attacker exploited a simple logic mistake in its batch function. Analysts at Hacken say the attacker already laundered funds via Tornado Cash.<\/p>\n<div id=\"cn-block-summary-block_8cded1d798ddb1a441b084d1fdb2acea\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Abracadabra lost almost $2 million after an attacker exploited a simple logic mistake in its batch function, similar to an attack on a forked project days earlier.<\/li>\n<li>The attacker bypassed a safety flag meant to check if borrowers had enough collateral and drained six Cauldrons in one go before swapping the stolen MIM for ETH and routing it through Tornado Cash.<\/li>\n<li>This isn\u2019t the first time Abracadabra\u2019s code has been targeted, but the incident highlights how a small unimplemented function can let hackers take advantage, even when the same flaw was visible in a fork.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>In early October, Abracadabra, a DeFi lending protocol that lets people borrow its stablecoin MIM using deposited tokens as collateral and suffered multiple hacker attacks before, this time once again <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/_czepluch\/status\/1975564243304063456\" target=\"_blank\" rel=\"nofollow\">lost about $1.8 million<\/a> after an attacker used a simple logic mistake in the protocol\u2019s batch function to borrow without putting up any collateral, in the same way a forked project had been hit just days before, analysts at blockchain security firm Hacken said in a research note shared with crypto.news.<\/p>\n<p>Abracadabra launched as a way for people to use interest-bearing tokens as collateral and borrow a U.S. dollar-pegged token called Magic Internet Money, or MIM. The system is built around two pieces: Cauldrons, which handle the borrowing rules, and DegenBox, the shared vault that actually holds tokens. In short: you put up collateral in a Cauldron, and the DegenBox keeps track of the money behind the scenes.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<p>The short version of what went wrong is this: a safety flag that\u2019s supposed to force a final check on whether a borrower actually has collateral got turned off inside a single transaction. As Hacken\u2019s report lays out, the attacker \u201cexploited a logic flaw in Abracadabra\u2019s cook() function where they could borrow MIM tokens and then immediately reset the validation flag that was supposed to check if they had enough collateral.\u201d That allowed a one-shot, uncollateralized borrow across multiple Cauldrons.<\/p>\n<h2 class=\"wp-block-heading\">Under the microscope<\/h2>\n<p>Here\u2019s how the flow worked, in plain terms. Abracadabra uses a batched function called <em>cook() <\/em>so users can do several actions in one transaction. Say, deposit collateral and borrow in the same click. One of those actions, like the \u201cborrow\u201d step, sets a flag named <em>needsSolvencyCheck <\/em>to true, meaning \u201cat the end of this transaction, check that the borrower is safe.\u201d<\/p>\n<figure class=\"wp-block-image size-full\"><figcaption class=\"wp-element-caption\">One of the vulnerable Cauldrons | Source: Hacken<\/figcaption><\/figure>\n<p>But another action that can be run inside the same batch calls \u201c_additionalCookAction(\u2026).\u201d As Hacken points out, that function was declared as \u201cvirtual\u201d and never was implemented, so by default it returned an empty object where everything was set to false, including that <em>needsSolvencyCheck <\/em>flag.<\/p>\n<p>As a result, the attacker called the borrow action, then called the default action that reset the flag, and at the end, the protocol never checked solvency.<\/p>\n<p>The analysts say the attacker hit six Cauldrons in one go, taking roughly 1.79 million MIM and swapping it for ETH. Attackers exploited vulnerability, and systematically went through six different Cauldrons and drained each one \u201cusing the same technique with a dedicated cook function call,\u201d the analysts explained.<\/p>\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"995\" height=\"379\" src=\"https:\/\/bitunikey.com\/news\/wp-content\/uploads\/2025\/10\/1760014385_606_Abracadabra-18m-hack-repeats-earlier-fork-flaw-Hacken-reveals.webp.webp\" alt=\"Abracadabra $1.8m hack repeats earlier fork flaw, Hacken reveals - 2\" class=\"wp-image-14423378\"><figcaption class=\"wp-element-caption\">Laundered funds from the Abracadabra hack | Source: Hacken<\/figcaption><\/figure>\n<p>After swapping, the attacker routed funds through Tornado Cash, a crypto mixing protocol, mostly 10 ETH each, sending gradually over the following day.<\/p>\n<p>And this isn\u2019t the first time Abracadabra\u2019s CauldronV4 code has been involved in trouble. Other incidents earlier this year used different edge cases in the same family of contracts. What\u2019s interesting now is how fast the forked deployment reacted.<\/p>\n<p>According to the report, a fork called Synnax <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/synnax_labs\/status\/1975344459522187298\" target=\"_blank\" rel=\"nofollow\">paused<\/a> or un-whitelisted its CauldronV4 master on its own DegenBox days before the Abracadabra drain, so basically the fork team pulled the emergency brake after spotting the same weak pattern, suggesting that the risk was visible to teams watching the code, if not fixed.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>DeFi protocol Abracadabra lost $1.8 million after an attacker exploited a simple logic mistake in its batch function. Analysts at Hacken say the attacker already laundered funds via Tornado Cash.&hellip;<\/p>\n","protected":false},"author":1,"featured_media":10096,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-12982","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/12982","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=12982"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/12982\/revisions"}],"predecessor-version":[{"id":12983,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/12982\/revisions\/12983"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/10096"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=12982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=12982"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=12982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}