GMX smart contracts hacked for 6,260 ETH

Decentralized lending protocols on Magic Internet Money (MIM) have been hacked for 6,260 ETH. The exploit has not affected the GMX protocol or GM tokens used in those vaults, but only specific liquidity hubs for decentralized lending. 

Contracts related to GMX and Magic Internet Money (MIM) Spell lending vaults have been exploited for 6,260 ETH, locked in related liquidity vaults. 

The decentralized lending vaults on Arbitrum were exploited for WETH and ETH; then, the funds were bridged through Stargate to the Ethereum mainnet for laundering. The attacker moved MIM, USDC, USDC, ETH, and WETH, finally swapping all assets on Ethereum for further mixing.

Stargate Bridge helped the easy movement of funds, as it held $160M in available liquidity. Arbitrum is a rare choice for a hack, but still offers multiple options to move into Ethereum for more liquidity and swapping option.

The stolen funds ended up in three ETH addresses, which are now monitored for further movements or mixing. Some of the addresses are not yet tagged as belonging to an exploit, while the initial address was labeled as Fake Phishing right after the attack.

GMX users not affected, only MIM vaults lose funds

GMX itself has only given the model to build MIM Abracadabra vaults and use GM tokens for passive income. GMX explained its protocol remained sound, and did not lose ETH or other assets. MIM remains close to its $1 peg, surviving the attack at $0.99, a usual range for a stablecoin. Following the news of the exploit, GM tokens fell from $14.70 to $13.37, in line with the token’s general sliding trend. 

https://x.com/GMX_IO/status/1904509326129238479

No issues were discovered with GMX contracts, and the problem is not with the project’s technology. GMX users are not affected, just the GMX V2 pools. GMX V2 is a decentralized perpetual exchange with $341.48M in available liquidity. MIM uses the exchange’s pools but has not yet announced its exact vulnerability.

The project claimed the exploit originated with the Abracadabra/Spell cauldrons, which are liquidity pools for borrowing against collateral of GM tokens. 

The GMX and MIM teams, as well as other security researchers are still looking at the flaws in the smart contracts that allowed the hacker to transfer funds in a single transaction. The attacker has already started moving the ETH into smaller batches of 1,000, sending it to alternative addresses. 

For now, the attacker remains uncertain, but the practice of moving into ETH and splitting it into smaller wallets resembles previous techniques used by the Lazarus group. The initial funds also came from an address linked to the Tornado Cash mixer, often favored by DPRK hackers. None of the funds remained in USDT or USDC, which could be tracked down or frozen. Currently, there is no opportunity to freeze funds, and further trading or laundering is possible through DEX protocols. 

The Abracadabra Spell lending protocol is a relatively small Arbitrum DeFi app, but still managed to attract hackers for some of its pools, known as Cauldrons. The Abracadabra Spell lending app carries $48.84M in liquidity, while the other version, Abracadabra, carries over $52M in value locked. 

MIM can be produced through the vaults and used for additional liquidity in the Arbitrum ecosystem. The MIM Swap exchange carries an additional $17.7M in DEX liquidity. The Cauldrons are simply lending pools, which allow traders to perform both borrowing or leverage operations on-chain or cover their loans and reduce leverage.

MIM hacked for the second time

In January 2024, MIM was also hacked through its lending smart contract. The reason was that the contract used shares to calculate the outstanding debt. 

Due to a precision calculation vulnerability, MIM lost $6.5M, following flawed flash loans. The exploit hinged on flawed calculation of amount owned, allowing the hacker to withdraw more funds. 

This time, the transaction record shows no flash loans or other microtransactions. The hacker needed some funds to interact with the protocol, managing to gain access to stablecoins, as well as WETH on Arbitrum.

Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot