利用Abracadabra協議，黑客從流動性池中流失了1300萬美元

Abracadabra智能合約的安全缺陷導致了一個重大的漏洞，黑客耗盡了6262 ETH約6262 ETH

A critical security flaw in Abracadabra’s smart contracts has been exploited by a hacker to steal around 6,262 ETH, valued at roughly $13 million, from the protocol’s liquidity pools. The exploit, identified as a flash loan exploit, was initially detected by blockchain security firm, PeckShield.

Abracadabra智能合約的一個關鍵安全漏洞已被黑客利用，從協議的流動性池中竊取了大約6,262 ETH，價值約為1300萬美元。該漏洞利用被確定為Flash貸款利用，最初由區塊鏈安全公司Peckshield檢測到。

How Abracadabra’s lending system was exploited

Abracadabra的貸款系統如何利用

Abracadabra’s lending system, known for its cauldrons that integrate with GMX liquidity pools for borrowing and lending, was the target of the exploit.

Abracadabra的貸款系統以與GMX流動性庫集成以藉貸和貸款的大鍋而聞名，是剝削的目標。

According to blockchain security researchers, the hacker manipulated the liquidation process in the GMX V2 integration. An unidentified weakness in this integration allowed the exploiter to withdraw funds from the protocol.

根據區塊鏈安全研究人員的說法，黑客操縱了GMX V2集成中的清算過程。在此整合中，未知的弱點使剝削者可以從協議中撤回資金。

Further analysis by blockchain researcher, Weilin Li, revealed that the attacker used a large flash loan to trigger self-liquidation.

區塊鏈研究人員Weilin Li的進一步分析表明，攻擊者使用了大量的閃光貸款來觸發自動化。

This was possible due to a property of GMX V2 that allows users to liquidate their positions if the price drops to the liquidation price. In this case, the attacker borrowed Magic Internet Money (MIM), Abracadabra’s stablecoin, and paid a liquidation premium to be immediately liquidated.

由於GMX V2的財產，如果價格下跌至清算價格，則可以清算其頭寸。在這種情況下，攻擊者藉用了魔術互聯網貨幣（MIM），阿布拉卡達布拉（Abracadabra）的Stablecoin，並支付了清算保費，以立即清算。

However, a GMX developer confirmed that the exploit did not affect GMX’s core contracts. The stolen funds were later transferred from Arbitrum to Ethereum.

但是，GMX開發人員確認該漏洞不影響GMX的核心合同。後來將被盜的資金從仲裁轉移到以太坊。

What is known about the Abracadabra exploit

關於Abracadabra漏洞的了解

The exploit, which began on February 27, targeted Abracadabra’s cauldrons, specifically the integration with GMX V2 liquidity pools.

該漏洞從2月27日開始，針對Abracadabra的大鍋，特別是與GMX V2流動性池的集成。

According to reports, the hacker used a large flash loan to trigger self-liquidation within a GMX V2 vault, rapidly draining a significant portion of Abracadabra’s liquidity.

據報導，黑客使用了大量閃光燈來觸發GMX V2保險庫中的自動液體，從而迅速消耗了Abracadabra的大部分流動性。

The stolen funds were quickly moved and laundered through a series of transactions.

被盜的資金很快被移動並通過一系列交易進行。

Exploiters used a new mixing service on Arbitrum to obfuscate the stolen coins.

漏洞利用者在仲裁上使用新的混合服務來混淆被盜的硬幣。

Coins used in the exploit were later mixed again via a service on Ethereum.

後來通過以太坊上的服務再次混合了利用中使用的硬幣。

The exploit was detected by blockchain security firm, PeckShield, who reported that a large sum of ETH had been rapidly withdrawn from Abracadabra’s cauldron on Arbitrum.

該漏洞由區塊鏈安全公司Peckshield檢測到，他報告說，大量ETH已從Abracadabra的大鍋中迅速撤回。

Afterwards, Abracadabra confirmed the exploit in a statement, disclosing that around 6,262 ETH had been stolen from the protocol.

之後，Abracadabra在一份聲明中確認了該剝削，並揭示了該協議中大約有6,262個ETH被盜。

The statement from Abracadabra read, in part:

Abracadabra的聲明在某種程度上閱讀：

“We are aware of a major exploit that has affected Abracadabra, specifically targeting our cauldrons and the integration with GMX V2 liquidity pools.

“我們知道有一個主要的利用影響了Abracadabra，專門針對我們的大鍋和與GMX V2流動性池的整合。

“An exploiter was able to manipulate the liquidation process in the GMX V2 integration to extract funds from the protocol. The exploiter used a large (for Arbitrum) flash loan to trigger self-liquidation of a GMX V2 vault and rapidly drained a portion of Abracadabra’s liquidity.”

“剝削者能夠操縱GMX V2集成中的清算過程，以從協議中提取資金。利用者使用了大型（用於索賠）閃光燈貸款來觸發GMX V2 Vault的自動化，並迅速耗盡了Abracadabra的流動性的一部分。”

What is known about Abracadabra

關於abracadabra的了解

Abracadabra is a decentralized finance protocol that offers yield enhancement and borrowing/lending services. Its lending system, known as cauldrons, allows users to borrow and lend cryptocurrencies.

Abracadabra是一種分散的財務協議，可提供增強和借貸/借貸服務。它的貸款系統被稱為大鍋，允許用戶借用和借出加密貨幣。

The protocol’s native stablecoin is Magic Internet Money (MIM), which is used for various DeFi activities. Abracadabra also integrates with other protocols and liquidity sources to expand its offerings.

該協議的本地stablecoin是魔術互聯網貨幣（MIM），用於各種Fefi活動。 Abracadabra還與其他協議和流動性來源集成以擴展其產品。

Earlier in January, another exploit targeted Abracadabra’s MIM stablecoin, resulting in a $6.5 million loss.

1月初，另一個利用Abracadabra的Mim Stablecoin的目標是650萬美元。