Abracadabra Finance Offers a Bug Bounty After $6.5 Million Exploit

Reading Time: 2 minutes
  • Abracadabra has sent an on-chain message to a malicious actor who siphoned $6.5 million from the platform
  • The DeFi platform hopes to offer a bug bounty to the actor although it didn’t specify how much it’s willing to offer
  • The protocol’s team is investigating the incident with the help of Chainalysis

Cross-chain lending platform Abracadabra Finance has sent an on-chain message to an entity that drained $6.5 million from the platform. Abracadabra said that it’s willing to consider the individual a white hat hacker if he’s willing to keep a small percentage of the funds and return the rest. Although most DeFi projects with the same predicament have in the past offered 10% of the stolen funds as a bug bounty, the DeFi protocol hasn’t specified what percentage it’s willing to extend as a bounty.

Help Recover the Funds

In the message, the platform said that it’s “keen to engage in a dialogue.” In an X (formerly Twitter) thread, Abracadabra also asked anyone with information “that could help recover the funds or about the attacker” to offer their support.

According to the initial findings shared by the DeFi protocol, the malicious actor “targeted specific Cauldrons V3 & V4,” enabling them to manipulate the MIM borrowing process. The platform disclosed that it has “fully mitigated” the issue by adjusting the borrowing limit to above zero for the susceptible Cauldrons.

Abracadabra revealed that it’s working with crypto exchanges, blockchain security firm Chainalysis and other relevant entities in the blockchain space to help track the funds’ movement.

A Bug Bounty Isn’t Always Enough

The DeFi platform’s actions resemble those of Sky Mavis, ImmuneFi and Jimbos Protocol which also offered bug bounties in exchange for stolen funds. While some hackers have accepted such offers, others like the Mango Market hacker have in the past chosen to keep the entire loot.

Although Abracadabra hasn’t revealed what it’ll do in case the malicious actor refuses to take the deal, involving law enforcement agencies may be the next step.