⚠️ Crypto Crime Watch: MIM Attacker Funnels Millions through Tornado Cash ⚠️
🪙 Magic Internet Money (MIM) is a decentralized stablecoin issued by Abracadabra Finance, designed to maintain a 1:1 peg with the U.S. dollar by using interest-bearing crypto assets as collateral.
💥 Hack Overview
📅 Date: March 25, 2025
🎯 Target: MIM Spell, part of Abracadabra’s lending protocol
🛠️ Exploit Details:
The attack exploited a flaw in the gmCauldron smart contracts, tied to the integration with decentralized exchange GMX.
The attacker used a bug in the liquidation process, which failed to overwrite records in RouterOrder, allowing unauthorized borrowing after liquidation.
💰 Funds Stolen: 6,261 ETH (~$13 million)
✅ User Funds: Abracadabra Finance confirmed user funds were unaffected.
🔧 Recovery Efforts: 50% of the stolen funds have been bought back by Abracadabra.
🎯 Bounty Offer: A 20% reward was offered to the hacker for the return of the stolen assets.
🔍 Summary of Fund Movement
💸 $7.57M Laundered: The attacker recently moved 3,001 ETH (~$7.57 million) into the Tornado Cash crypto mixer.
🧠 Source: On-chain data from CertiK, a blockchain security firm.
🔁 Transfer Path:
Funds were routed through four Ethereum wallets.
The trail began with a wallet starting with 0x51baB, ending in a known Tornado Cash address.
🕵️ Obfuscation Tactics: Use of Tornado Cash makes it extremely difficult to trace the stolen funds.
🔒 The ongoing wave of DeFi exploits highlights the critical need for stronger smart contract security and transparency.