GMX smart contracts hacked for 6,260 ETH

Source Cryptopolitan

Decentralized lending protocols on Magic Internet Money (MIM) have been hacked for 6,260 ETH. The exploit has not affected the GMX protocol or GM tokens used in those vaults, but only specific liquidity hubs for decentralized lending. 

Contracts related to GMX and Magic Internet Money (MIM) Spell lending vaults have been exploited for 6,260 ETH, locked in related liquidity vaults. 

The decentralized lending vaults on Arbitrum were exploited for WETH and ETH; then, the funds were bridged through Stargate to the Ethereum mainnet for laundering. The attacker moved MIM, USDC, USDC, ETH, and WETH, finally swapping all assets on Ethereum for further mixing.

Stargate Bridge helped the easy movement of funds, as it held $160M in available liquidity. Arbitrum is a rare choice for a hack, but still offers multiple options to move into Ethereum for more liquidity and swapping option.

The stolen funds ended up in three ETH addresses, which are now monitored for further movements or mixing. Some of the addresses are not yet tagged as belonging to an exploit, while the initial address was labeled as Fake Phishing right after the attack.

GMX users not affected, only MIM vaults lose funds

GMX itself has only given the model to build MIM Abracadabra vaults and use GM tokens for passive income. GMX explained its protocol remained sound, and did not lose ETH or other assets. MIM remains close to its $1 peg, surviving the attack at $0.99, a usual range for a stablecoin. Following the news of the exploit, GM tokens fell from $14.70 to $13.37, in line with the token’s general sliding trend. 

https://x.com/GMX_IO/status/1904509326129238479

No issues were discovered with GMX contracts, and the problem is not with the project’s technology. GMX users are not affected, just the GMX V2 pools. GMX V2 is a decentralized perpetual exchange with $341.48M in available liquidity. MIM uses the exchange’s pools but has not yet announced its exact vulnerability.

The project claimed the exploit originated with the Abracadabra/Spell cauldrons, which are liquidity pools for borrowing against collateral of GM tokens. 

The GMX and MIM teams, as well as other security researchers are still looking at the flaws in the smart contracts that allowed the hacker to transfer funds in a single transaction. The attacker has already started moving the ETH into smaller batches of 1,000, sending it to alternative addresses. 

For now, the attacker remains uncertain, but the practice of moving into ETH and splitting it into smaller wallets resembles previous techniques used by the Lazarus group. The initial funds also came from an address linked to the Tornado Cash mixer, often favored by DPRK hackers. None of the funds remained in USDT or USDC, which could be tracked down or frozen. Currently, there is no opportunity to freeze funds, and further trading or laundering is possible through DEX protocols. 

The Abracadabra Spell lending protocol is a relatively small Arbitrum DeFi app, but still managed to attract hackers for some of its pools, known as Cauldrons. The Abracadabra Spell lending app carries $48.84M in liquidity, while the other version, Abracadabra, carries over $52M in value locked. 

MIM can be produced through the vaults and used for additional liquidity in the Arbitrum ecosystem. The MIM Swap exchange carries an additional $17.7M in DEX liquidity. The Cauldrons are simply lending pools, which allow traders to perform both borrowing or leverage operations on-chain or cover their loans and reduce leverage.

MIM hacked for the second time

In January 2024, MIM was also hacked through its lending smart contract. The reason was that the contract used shares to calculate the outstanding debt. 

Due to a precision calculation vulnerability, MIM lost $6.5M, following flawed flash loans. The exploit hinged on flawed calculation of amount owned, allowing the hacker to withdraw more funds. 

This time, the transaction record shows no flash loans or other microtransactions. The hacker needed some funds to interact with the protocol, managing to gain access to stablecoins, as well as WETH on Arbitrum.

Cryptopolitan Academy: Tired of market swings? Learn how DeFi can help you build steady passive income. Register Now

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
BNB Price Reclaims $600 — Is This the Start of a Major Upside Move?BNB price is rising from the $580 support zone. The price is now consolidating gains above $600 and might aim for more gains in the near term. BNB price is attempting to recover above the $615
Author  FXStreet
4 Month 23 Day Wed
BNB price is rising from the $580 support zone. The price is now consolidating gains above $600 and might aim for more gains in the near term. BNB price is attempting to recover above the $615
placeholder
XRP Price Slips After Rally — Bulls Still in Play or Fading Fast?XRP price started a fresh increase above the $2.220 zone. The price is now correcting gains and might find bids near the $2.150 support zone. XRP price started a fresh increase above the $2.20 zone.
Author  NewsBTC
4 Month 24 Day Thu
XRP price started a fresh increase above the $2.220 zone. The price is now correcting gains and might find bids near the $2.150 support zone. XRP price started a fresh increase above the $2.20 zone.
placeholder
Bitcoin Continues To Flow Out Of Major Exchanges — Supply Squeeze Soon?It was quite the coincidence that the cryptocurrency market jolted back to life after Easter Sunday, with Bitcoin leading the way with more than a double-digit gain. While the price of BTC continues
Author  NewsBTC
Yesterday 05: 44
It was quite the coincidence that the cryptocurrency market jolted back to life after Easter Sunday, with Bitcoin leading the way with more than a double-digit gain. While the price of BTC continues
placeholder
Ethereum Price Reaches Last H1 Support, Next Major Resistance Comes Into ViewEthereum, the second-largest cryptocurrency, has increased by 12.3% over the past seven days. Interestingly, Ethereum has held its ground firmly, supported by a clean uptrend that began after the
Author  NewsBTC
Yesterday 05: 45
Ethereum, the second-largest cryptocurrency, has increased by 12.3% over the past seven days. Interestingly, Ethereum has held its ground firmly, supported by a clean uptrend that began after the
placeholder
Gold price crumbles below $3,300 as trade hopes fade, US Dollar stays firmGold price made a U-turn and erased Thursday’s gains, falling below the $3,300 mark as the Greenback remained bid and Bullion failed to capitalize on falling US Treasury yields.
Author  FXStreet
Yesterday 05: 49
Gold price made a U-turn and erased Thursday’s gains, falling below the $3,300 mark as the Greenback remained bid and Bullion failed to capitalize on falling US Treasury yields.
goTop
quote