Share this article
Abracadabra Drained of $13M in Exploit Targeting Cauldrons Tied to GMX Liquidity Tokens
The attack targeted pools tied to GMX liquidity tokens, specifically “cauldrons” using GM tokens as collateral.
Mar 25, 2025, 4:14 p.m.
What to know:
- Abracadabra.Finance, a decentralized lending platform, was exploited for $13 million worth of cryptocurrency.
- The attack targeted pools tied to GMX liquidity tokens within Abracadabra’s “cauldrons.”
- GMX’s contracts were unaffected by the exploit according to the exchange.
Decentralized lending platform Abracadabra.Finance suffered an attack that drained $13 million worth of cryptocurrency from pools tied to GMX liquidity tokens.
Blockchain security firm PeckShield flagged that contracts involving decentralized exchange GMX and Abracadabra were compromised, leading to the theft of 6,260 ETH, worth around $12.98 million at the time of writing.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
The exploit focused on so-called "cauldrons," isolated lending markets in Abracadabra where users can borrow against crypto collateral. These particular cauldrons relied on GM tokens, which represent liquidity positions in GMX, a decentralized exchange platform.
Loading...
GMX distanced itself from the incident. In a post on X, an account associated with the exchange said that GMX’s contracts themselves were unaffected. The team later said the breach was “solely related to the Abracadabra/Spell cauldrons,” which used GM tokens as collateral but did not involve GMX’s core infrastructure.
In a statement on X, Abracadabra confirmed the exploit and said core contributors and engineers were investigating the incident to its “fully audited” cauldron. The protocol noted that gmCauldrons had been audited by Guardian Audits — the same firm that audited GMX contracts — and were part of a broader security infrastructure involving monitoring and response tools.
The protocol offered the attacker a 20% bug bounty and invited them to negotiate via email or an on-chain message.
Abracadabra is working with Guardian and GMX as well as other security partners in assessing the extent of the damage and how the attack was executed. A full post-mortem will follow once the investigation concludes, and no user collateral was affected, it said.
Last year Abracadabra.Finance suffered a $6.49 million exploit that caused its Magic Internet Money (MIM) stablecoin to lose its peg to the U.S. dollar.
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Turkey's Paribu Buys CoinMENA in $240M Deal, Expanding Into High-Growth Crypto Markets
With the acquisition, Paribu gains regulatory foothold in Bahrain and Dubai and access to the region's fast-growing crypto user base.
What to know:
- Paribu acquires Bahrain- and Dubai-based CoinMENA for up to $240 million.
- Deal marks Turkey’s biggest fintech acquisition and first international crypto M&A, the firm said.
- The move taps into the MENA region’s fast-growing crypto user base and supportive regulatory hubs.
Top Stories
