利用Abracadabra协议，黑客从流动性池中流失了1300万美元

Abracadabra智能合约的安全缺陷导致了一个重大的漏洞，黑客耗尽了6262 ETH约6262 ETH

A critical security flaw in Abracadabra’s smart contracts has been exploited by a hacker to steal around 6,262 ETH, valued at roughly $13 million, from the protocol’s liquidity pools. The exploit, identified as a flash loan exploit, was initially detected by blockchain security firm, PeckShield.

Abracadabra智能合约的一个关键安全漏洞已被黑客利用，从协议的流动性池中窃取了大约6,262 ETH，价值约为1300万美元。该漏洞利用被确定为Flash贷款利用，最初由区块链安全公司Peckshield检测到。

How Abracadabra’s lending system was exploited

Abracadabra的贷款系统如何利用

Abracadabra’s lending system, known for its cauldrons that integrate with GMX liquidity pools for borrowing and lending, was the target of the exploit.

Abracadabra的贷款系统以与GMX流动性库集成以借贷和贷款的大锅而闻名，是剥削的目标。

According to blockchain security researchers, the hacker manipulated the liquidation process in the GMX V2 integration. An unidentified weakness in this integration allowed the exploiter to withdraw funds from the protocol.

根据区块链安全研究人员的说法，黑客操纵了GMX V2集成中的清算过程。在此整合中，未知的弱点使剥削者可以从协议中撤回资金。

Further analysis by blockchain researcher, Weilin Li, revealed that the attacker used a large flash loan to trigger self-liquidation.

区块链研究人员Weilin Li的进一步分析表明，攻击者使用了大量的闪光贷款来触发自动化。

This was possible due to a property of GMX V2 that allows users to liquidate their positions if the price drops to the liquidation price. In this case, the attacker borrowed Magic Internet Money (MIM), Abracadabra’s stablecoin, and paid a liquidation premium to be immediately liquidated.

由于GMX V2的财产，如果价格下跌至清算价格，则可以清算其头寸。在这种情况下，攻击者借用了魔术互联网货币（MIM），阿布拉卡达布拉（Abracadabra）的Stablecoin，并支付了清算保费，以立即清算。

However, a GMX developer confirmed that the exploit did not affect GMX’s core contracts. The stolen funds were later transferred from Arbitrum to Ethereum.

但是，GMX开发人员确认该漏洞不影响GMX的核心合同。后来将被盗的资金从仲裁转移到以太坊。

What is known about the Abracadabra exploit

关于Abracadabra漏洞的了解

The exploit, which began on February 27, targeted Abracadabra’s cauldrons, specifically the integration with GMX V2 liquidity pools.

该漏洞从2月27日开始，针对Abracadabra的大锅，特别是与GMX V2流动性池的集成。

According to reports, the hacker used a large flash loan to trigger self-liquidation within a GMX V2 vault, rapidly draining a significant portion of Abracadabra’s liquidity.

据报道，黑客使用了大量闪光灯来触发GMX V2保险库中的自动液体，从而迅速消耗了Abracadabra的大部分流动性。

The stolen funds were quickly moved and laundered through a series of transactions.

被盗的资金很快被移动并通过一系列交易进行。

Exploiters used a new mixing service on Arbitrum to obfuscate the stolen coins.

漏洞利用者在仲裁上使用新的混合服务来混淆被盗的硬币。

Coins used in the exploit were later mixed again via a service on Ethereum.

后来通过以太坊上的服务再次混合了利用中使用的硬币。

The exploit was detected by blockchain security firm, PeckShield, who reported that a large sum of ETH had been rapidly withdrawn from Abracadabra’s cauldron on Arbitrum.

该漏洞由区块链安全公司Peckshield检测到，他报告说，大量ETH已从Abracadabra的大锅中迅速撤回。

Afterwards, Abracadabra confirmed the exploit in a statement, disclosing that around 6,262 ETH had been stolen from the protocol.

之后，Abracadabra在一份声明中确认了该剥削，并揭示了该协议中大约有6,262个ETH被盗。

The statement from Abracadabra read, in part:

Abracadabra的声明在某种程度上阅读：

“We are aware of a major exploit that has affected Abracadabra, specifically targeting our cauldrons and the integration with GMX V2 liquidity pools.

“我们知道有一个主要的利用影响了Abracadabra，专门针对我们的大锅和与GMX V2流动性池的整合。

“An exploiter was able to manipulate the liquidation process in the GMX V2 integration to extract funds from the protocol. The exploiter used a large (for Arbitrum) flash loan to trigger self-liquidation of a GMX V2 vault and rapidly drained a portion of Abracadabra’s liquidity.”

“剥削者能够操纵GMX V2集成中的清算过程，以从协议中提取资金。利用者使用了大型（用于索赔）闪光灯贷款来触发GMX V2 Vault的自动化，并迅速耗尽了Abracadabra的流动性的一部分。”

What is known about Abracadabra

关于abracadabra的了解

Abracadabra is a decentralized finance protocol that offers yield enhancement and borrowing/lending services. Its lending system, known as cauldrons, allows users to borrow and lend cryptocurrencies.

Abracadabra是一种分散的财务协议，可提供增强和借贷/借贷服务。它的贷款系统被称为大锅，允许用户借用和借出加密货币。

The protocol’s native stablecoin is Magic Internet Money (MIM), which is used for various DeFi activities. Abracadabra also integrates with other protocols and liquidity sources to expand its offerings.

该协议的本地stablecoin是魔术互联网货币（MIM），用于各种Fefi活动。 Abracadabra还与其他协议和流动性来源集成以扩展其产品。

Earlier in January, another exploit targeted Abracadabra’s MIM stablecoin, resulting in a $6.5 million loss.

1月初，另一个利用Abracadabra的Mim Stablecoin的目标是650万美元。