Abracadabra Money: The Path Forward
Yesterday, the gmCauldrons suite of products got hit by a hack that resulted in the loss of approximately 13m MIM from the protocol. The rest of the Abracdabra product remains unaffected. The following document highlights what the next steps will be for the Abracadabra DAO, and how we will grow past this terrible incident.To begin with, the DAO treasury, which currently holds around $19m in assets, already acquired 6.5m MIM and repaid 50% of the total loss, with the rest to be absorbed by our treasury in the next months.
Launched over a year ago, the gmCauldrons quickly became a core part of the Abracadabra ecosystem. They enabled users to collateralize gmTokens to borrow MIM or leverage their yield-bearing LP tokens.
Before launch and throughout their lifecycle, the gmCauldrons underwent multiple security audits by Guardian Audits, a leading firm also responsible for reviewing the GMX v2 codebase. Additionally, the cauldrons were continuously monitored by Hexagate and ZeroShadow, two robust threat detection systems. ZeroShadow helped us rapidly trace the attacker’s steps. It’s important to clarify that the alert did not trigger due to a configuration gap, rather than a malfunction in the Hexagate platform. We’re reviewing our setup and working collaboratively with Hexagate and our security partners to strengthen monitoring coverage and improve incident response processes.
Despite these layers of protection, the attacker managed to exploit the gmCauldron for approximately 6,000 ETH (around $13 million). This is a hard moment, but it’s also a turning point.No user’s funds were lost, and the rest of the Abracdabra products remain unaffected.
The full technical post-mortem is can be found here.
The Path Forward
While this incident is a setback, it does not define our future. The Abracadabra DAO and our community of contributors are already working to rebuild with strength, focus, and even greater resilience.
The next months for Abracadabra will revolve around 4 main pillars:
Treasury Holding and Remediation Plan
Berachain Expansion
Nibiru Expansion
Purrswap
The Abracadabra DAO treasury remains in a healthy and solvent position, with diversified holdings across multiple liquid assets. These reserves place the DAO in a strong position to address the impact of the recent exploit in a responsible and transparent manner.
MIM peg held perfectly well during the whole crisis, with some slight deviation from its 1$ mark.
Treasury holdings, which amount to approximately $19m can be found here. An additional 4m is held in the Depeg Contingency Fund, and is ready to be deployed following a DAO proposal.
A portion of the treasury has been allocated to buy back the exploited MIM from circulation, reducing any unintended supply distortion and supporting the peg. With part of this amount, the DAO treasury acquired around 6.5m MIM, which amounted to 50% of the total loss, and burned about half of the bad debt created by the hack.
With the first 50% of the loss being covered in the first 48 hours from the hack, and the remaining being covered with the rest of the treasury funds over the next months, we expect this incident to be fully resolved by mid 2025.
The first burn transaction can be found here.
The rest of this process will be executed in a careful and phased approach to minimize market disruption while prioritizing long-term stability!
Our guiding principles remain clear: protect LPers, preserve protocol integrity, and rebuild trust through action and transparency.
The Berachain cauldrons are coming soon, and they are ready to be pushed live, allowing users to utilise multiple different LP tokens as collateral to mint MIM.
The full list of approved cauldrons is:
Infrared WBERA-WETH Vault (BEX LP)
Infrared WBERA-WBTC Vault (BEX LP)
Infrared MIM-USDT0 Vault (Kodiak Island)
Infrared WBERA-HONEY Vault (Kodiak Island)
Infrared WBERA-WETH Vault (Kodiak Island)
Infrared WBERA-WBTC Vault (Kodiak Island)
Additionally, deeper integration between Abracadabra and Berachain are coming, with SPELL emissions ready to be directed towards POL. Thanks to AIP 55, Abracadabra has a strong and committed partner in the Berachain Ecosystem. The Kodiak investment allows Abracadabra to be at the forefront of berachain innovation, ready to push multiple products that revolve around the leading DEX on Berachain. SPELL emissions are coming soon to kickstart POL for the MIM - USDT0 pool, which will fuel the rest of the Berachain Expansion!Berachain will also mark the first deployment of the new Omnichain SPELL, built upon the OFT v2 standard, and that will be used to bring SPELL to all the chains the DAO needs to encourage liquidity on!Omnichain SPELL will also help make the users affected by the multichain debacle whole, with a proposal ready to be posted on the forum in the short period!
Following the successful passing AIP #62, MIMswap is ready to be deployed on Nibiru, providing a reliable Stableswap for the Nibiru ecosystem to build upon.
The launch of cauldrons on the network is also coming up soon for the DAO to vote on, with the opening of MIM beaming coming soon!
Between MIMswap and Cauldrons, Abracadabra is set to become the cornerstone of the Nibiru ecosystem, fuelling growth and innovation on the network.
The first AbracadabraDAO incubation protocol is also ready to launch soon. Thanks to AIP 67, MIMswap technology is licensed to Purrswap to launch the first Stableswap on HyperEVM.A SPELL holder airdrop is coming, so if you haven't already make sure to stake your SPELL tokens on our contracts on Mainnet and Arbitrum to become eligible for it!
Purrswap represents yet another scenario where the reliability, price execution and composability of MIMswap will be put to use to push the exciting HyperEVM ecosystem forward! Deep integrations between Purrswap and HyperLiquid are already planned, with the Purrswap team and Abracadabra DAO contributors working tirelessly to ship this new chapter of the DAO history!
We would like to personally thank all the security experts, protocols and partners that shared their support in this dire time.
We are in close contact with Chainalysis who are tracking the stolen funds that are currently consolidated on:\
0xa8f822E937C982e65b0437Ac81792a3AdA76A1ff,
0x047C2a3dd1Ab4105B365685d4804fE5c440B5729
0x018182FD7B856AeE1606D7E0AA8bca10F1Cb0b5d
The best onchain investigators are on this, and all CEXs and centralised entities have already been brought up to speed.
To the hacker, we are happy to entertain negotiations to return the stolen funds, in exchange for a bug bounty, which we are happy to pay in any currency you may require.
If you have information that can lead to the recovery of funds, reach out at reward@abracadabra.money or on chain to our treasury address on ETH 0xDF2C270f610Dc35d8fFDA5B453E74db5471E126B.
Over its history, Abracdabra has been tested multiple times, and each time has grown stronger and more resilient than ever. This time will be no different.