分散的贷款平台Abracadabra。金额遭受攻击，耗尽了价值1300万美元的加密货币

区块链安全公司Peckshield宣称涉及分散交易所GMX和Abracadabra的合同受到了损害，导致盗窃6,260 ETH

Decentralized lending platform Abracadabra.Finance suffered an exploit that saw an attacker drain 6,260 ETH, worth around $12.98 million at the time of writing, from pools tied to GMX liquidity tokens.

权力下放的贷款平台Abracadabra.Finance遭受了攻击，这使攻击者排水6,260 ETH，在撰写本文时价值约为1,298万美元，从与GMX流动性令牌相关的池。

Blockchain security firm PeckShield noted that contracts linked to decentralized exchange GMX and Abracadabra were compromised.

区块链安全公司Peckshield指出，与分散的交易所GMX和Abracadabra相关的合同受到妥协。

The exploit focused on so-called “cauldrons,” which are isolated lending markets in Abracadabra where users can borrow against crypto collateral. These particular cauldrons relied on GM tokens, which represent liquidity positions in GMX, a decentralized exchange platform.

专注于所谓的“大锅”的利用是在阿布拉卡达布拉（Abracadabra）孤立的贷款市场，用户可以借用加密抵押品。这些特殊的大锅依赖于转基因令牌，后者代表了一个分散的交换平台GMX中的流动性位置。

.@GMX_IO @MIM_Spell related contracts are being exploited and about 6,260 ETH (worth ~$13M) has been drained from a few Abracadabra cauldrons.

。

The exploit focused on GM tokens, which are used to create liquidity positions in GMX, a decentralized exchange platform.

专注于GM代币的利用，用于在分散的交换平台GMX中创建流动性位置。

— PeckShield Inc. (@PeckShieldUSA) October 25, 2023

- Peckshield Inc.（@peckshieldusa）2023年10月25日

GMX distanced itself from the incident. In a post on X, an account associated with the exchange said that GMX’s contracts themselves were unaffected. The team later said the breach was “solely related to the Abracadabra/Spell cauldrons,” which used GM tokens as collateral but did not involve GMX’s core infrastructure.

GMX与事件保持距离。在X上的帖子中，与交易所相关的帐户说，GMX的合同本身不受影响。该团队后来表示，违规行为“仅与Abracadabra/Spell大锅有关”，后者使用GM令牌作为抵押品，但不涉及GMX的核心基础架构。

In a statement on X, Abracadabra confirmed the exploit and said core contributors and engineers were investigating the incident to its “fully audited” cauldron. The protocol noted that gmCauldrons had been audited by Guardian Audits — the same firm that audited GMX contracts — and were part of a broader security infrastructure involving monitoring and response tools.

Abracadabra在有关X的一份声明中证实了该事件，并说核心贡献者和工程师正在调查其“经过全面审核”大锅的事件。该协议指出，GMCAULDRON已由Guardian审计（审核GMX合同的公司）审核，并且是涉及监视和响应工具的更广泛安全基础架构的一部分。

The protocol offered the attacker a 20% bug bounty and invited them to negotiate via email or an on-chain message.

该协议向攻击者提供了20％的漏洞赏金，并邀请他们通过电子邮件或链邮件进行谈判。

Abracadabra is working with Guardian and GMX as well as other security partners in assessing the extent of the damage and how the attack was executed. A full post-mortem will follow once the investigation concludes, and no user collateral was affected, it said.

Abracadabra正在与Guardian和GMX以及其他安全合作伙伴合作，以评估损害的程度以及攻击的执行方式。它说，一旦调查得出结论，将遵循完整的验尸，并且没有影响用户抵押品。

Last year Abracadabra.Finance suffered an exploit that saw attackers gain $6.49 million in crypto and cause the protocol’s Magic Internet Money (MIM) stablecoin to lose its peg to the U.S. dollar.

去年，Abracadabra。金钱遭受了攻击，使攻击者获得了649万美元的加密货币，并导致协议的魔术互联网货币（MIM）Stablecoin损失了其固定资金的钉子。