Defi exchange GMX and MIM Spell contracts have experienced a devastating hack, resulting in a loss of approximately 6,260 ETH, valued at $13 million. The incident has raised concerns about the security and vulnerability of DeFi protocols.
Hack Exposes DeFi Protocol Flaws
According to PeckShield monitoring, a blockchain security firm, the hack occurred on GMX and MIM Spell-related contracts. The hackers made off with a substantial amount of ETH. However, GMX has clarified that their contracts were not directly affected by the hack.
Instead, the vulnerability lay in Abracadabra/Spell’s cauldrons, which were built on GMX V2’s GM pools. The contributors are currently investigating the cause of the hack, but it is clear that the incident highlights a broader issue of composability risk in DeFi.
Abracadabra, an Omnichain DeFi lending platform, uses interest-bearing tokens as collateral to mint a USD-pegged stablecoin called Magic Internet Money, which is tied to the exploited contracts. Abracadabra’s integration with GMX allowed it to use GMX’s liquidity pools to enable lending and borrowing strategies. The hacker capitalized on a vulnerability that existed in the integration to carry out the exploit.
DeFi Community Reacts to Exploit
GMX, a decentralized exchange launched for trading crypto perpetual futures, has confirmed that its contracts were not directly affected by the hack. However, the integration with Abracadabra exposed a weak point, which highlights a broader issue in DeFi known as “composability risk.” This refers to the risk that interconnected protocols can amplify flaws, allowing one protocol’s flaw to affect others.
The hack has sparked widespread concern about the security of DeFi protocols and the need for more robust security measures. The incident serves as a reminder of the risks associated with DeFi and the importance of prioritizing security and transparency. The DeFi community is watching closely to see what measures will be taken to prevent similar incidents in the future as investigation into the hack continues.
Meanwhile, CTW today reported a case of insider trading involving a Binance employee who realized a profit of $113k and an unrealized profit of $200k through illegal trading practices. As a result of the misconduct, the staff member has been suspended immediately, pending further disciplinary action.
