Abracadabra.Finance, a decentralized lending platform, was exploited for approximately $13 million in Ethereum (ETH), with around 6,262 ETH stolen. The attack targeted pools tied to GMX liquidity tokens, specifically 'cauldrons' that use GM tokens as collateral. The stolen ETH was subsequently bridged to the Ethereum network and distributed across three new wallets.

Blockchain security firms, including PeckShield and Cyvers, reported the incident, noting that the funds were moved in multiple batches from the Arbitrum network to Ethereum via Stargate. The hacker used the Tornado Cash decentralized cryptocurrency mixer to fund the transaction fees for the malicious transactions. The incident was identified as a smart contract compromise, possibly involving a flash loan attack.

Abracadabra confirmed the exploit and stated that its core contributors and engineers are investigating the incident. The platform offered a 20% bug bounty to the hacker and invited negotiations via email or an on-chain message. All borrowing functions across cauldrons have been frozen. GMX clarified that its contracts were not affected by the breach, emphasizing that the issue was isolated to Abracadabra's cauldrons.

The attack follows a previous exploit in January 2024 that led to a $6.49 million loss and affected the US dollar peg of Abracadabra's Magic Internet Money (MIM) stablecoin.
DeFi platform MIM Spell offers 20% bounty to hacker after $12.9 million ETH heist https://t.co/fCny3rnCxi
abracadabra protocol exploit discovered: $13M ETH drained from gmCauldrons. all borrowing frozen across cauldrons. funds consolidated at 0xaf9e...8649
[COINDESK] Abracadabra Drained of $13M in Exploit Targeting Cauldrons Tied to GMX Liquidity Tokens $GMX