- Abracadabra has sent an on-chain message to a malicious actor who siphoned $6.5 million from the platform
- The DeFi platform hopes to offer a bug bounty to the actor although it didn’t specify how much it’s willing to offer
- The protocol’s team is investigating the incident with the help of Chainalysis
Cross-chain lending platform Abracadabra Finance has sent an on-chain message to an entity that drained $6.5 million from the platform. Abracadabra said that it’s willing to consider the individual a white hat hacker if he’s willing to keep a small percentage of the funds and return the rest. Although most DeFi projects in the same predicament have in the past offered 10% of the stolen funds as a bug bounty, the DeFi protocol hasn’t specified what percentage it’s willing to extend as a bounty.
Help Recover the Funds
In the message, the platform said that it’s “keen to engage in a dialogue.” In an X (formerly Twitter) thread, Abracadabra also asked anyone with information “that could help recover the funds or about the attacker” to offer their support.
4/
We have reached out to the attacker via an on-chain message, offering a chance to return the funds and qualify for a bug bounty.
Transaction with message: https://t.co/WCXWvExLp0
AbracadabraDAO treasury address can be found here: https://t.co/xzKvLWU2jh
— 🧙🏼♂️ (@MIM_Spell) January 30, 2024
According to the initial findings shared by the DeFi protocol, the malicious actor “targeted specific Cauldrons V3 & V4,” enabling them to manipulate the MIM borrowing process. The platform disclosed that it has “fully mitigated” the issue by setting the borrowing limit to zero for the susceptible Cauldrons.
2/
Preliminary findings indicate the exploit targeted specific Cauldrons V3 & V4, allowing unauthorized MIM borrowing.
We’ve mitigated the issue by setting borrowing limits to zero for these cauldrons.
— 🧙🏼♂️ (@MIM_Spell) January 30, 2024
Abracadabra revealed that it’s working with crypto exchanges, blockchain security firm Chainalysis and other relevant entities in the blockchain space to help track the funds’ movement.
3/
We have the full might of @chainalysis behind us, through our Crypto Incident Response partnership, which is tapping into their extended network of exchanges and partners as well as successfully tracking the moved funds. https://t.co/Yhq48UhYVo
— 🧙🏼♂️ (@MIM_Spell) January 30, 2024
A Bug Bounty Isn’t Always Enough
The DeFi platform’s actions resemble those of Sky Mavis, ImmuneFi and Jimbos Protocol, which also offered bug bounties in exchange for stolen funds. While some hackers have accepted such offers, others, like the Mango Markets hacker, have in the past chosen to keep the entire loot.
Although Abracadabra hasn’t revealed what it’ll do in case the malicious actor refuses to take the deal, involving law enforcement agencies may be the next step.