Core Insights - Abracadabra, a DeFi project, experienced a security breach resulting in a loss of approximately $1.7 million [1] - The exploit involved manipulation of smart contract variables to bypass solvency checks, leading to excessive borrowing [2] - This incident marks the third exploit against Abracadabra in less than two years [6] Incident Details - The breach was flagged by Go Security on October 4, with attackers laundering about 51 ETH through Tornado Cash [1] - The attacker’s wallet still held around 344 ETH, valued at approximately $1.55 million at the time of reporting [1] - The exploit was verified by security researcher Weilin Li, who detailed the manipulation of smart contract variables [2] Technical Analysis - Phalcon, another blockchain audit firm, identified a faulty logic sequence in the platform's cook function as the root cause [3] - The attacker executed two operations: one that initiated borrowing while bypassing solvency checks, and another that rewrote the check flag to skip validation [4] Financial Impact - The attacker drained over 1.79 million MIM tokens by repeating the exploit across six different addresses [5] - Abracadabra's team confirmed on Discord that they would utilize DAO reserve funds to repurchase the affected MIM supply [5]