MIM Stablecoin Crashes After $6.5 Million Exploit
The Magic Internet Money (MIM) stablecoin, issued by the decentralized lending platform Abracadabra.money, experienced a flash crash on Tuesday after a hacker exploited a vulnerability in its smart contracts and drained $6.5 million worth of funds.
According to blockchain security firm PeckShield, the attacker used a complex scheme involving Tornado Cash, a privacy protocol that obscures the origin of transactions, to execute the exploit at 11:35 UTC. The hacker exploited a rounding error in the MIM contracts, which allowed them to mint more MIM tokens than they should have, and then swapped them for other cryptocurrencies on decentralized exchanges.
— PeckShield Inc. (@peckshield) January 30, 2024
The exploit caused the MIM price to drop from $1 to $0.76 in a matter of minutes, as the market was flooded with excess supply. MIM is a stablecoin that is supposed to maintain a 1:1 peg with the US dollar, backed by various crypto assets such as ETH, WBTC, and CRV.
The Abracadabra team confirmed the incident on Twitter, saying that they were aware of the exploit and that their engineering team was investigating the situation. They also announced that the Abracadabra DAO, the decentralized organization that governs the platform, would be buying back MIM from the market and burning them to restore the peg. At the time of writing, MIM was trading at around $0.92, according to CoinMarketCap.
The Abracadabra platform allows users to borrow MIM by depositing their interest-bearing tokens, such as yvCRV, as collateral. The platform claims to offer “spellbinding interest rates” and “magical yield farming opportunities” to its users. However, the exploit has cast a shadow over the security and stability of the platform, as well as the MIM stablecoin.
This is not the first time that a stablecoin has been exploited by hackers. In November 2020, the Origin Dollar (OUSD) stablecoin suffered a $7 million loss due to a reentrancy attack. In April 2021, the Fei Protocol (FEI) stablecoin faced a liquidity crisis after a flawed mechanism caused its price to drop below the peg.
We are aware of an exploit involving certain cauldrons on Ethereum.
Our engineering team is triaging and investigating the situation.
To the best of its Ability, the DAO treasury will be buying back MIM from the market to then burn.
More updates are coming.
— 🧙🏼♂️ (@MIM_Spell) January 30, 2024
The MIM exploit is another reminder of the risks and challenges involved in creating and maintaining stablecoins, especially in the decentralized and permissionless environment of DeFi. Users are advised to exercise caution and due diligence when interacting with any stablecoin or DeFi platform.
- Phishing Attack Costs Crypto User $4.2 Million In AEth Tokens
- GBTC Records $458M Net Outflow On Day Four, Spot BTC ETF Group Gains $474M On Fourth Day: BitMEX Research
- Somesing, South Korean Karaoke Platform, Hit By $11.58M SSX Token Hack