Attackers have stolen over $111,000 in MIM tokens, exploiting oracle vulnerability
Contents
Anonymous DeFi expert who goes by @spreekaway on Twitter noticed an unusual transaction on Abracadabra’s on-chain stablecoin Magic Internet Money (MIM) and xSUSHI tokens of SushiSwap (SUSHI) liquidity providers.
Attackers get over $110,000 in MIM, oracles to blame
Per the statement shared by @spreekaway on Twitter yesterday, Nov. 8, 2022, someone used the abnormal price spike in the oracle to maliciously deposit xSUSHI tokens.
seems MIM just ate a bunch of bad debt from someone depositing xSUSHI when the oracle was far above current price, self updating the oracle, and then liquidating themself.
attacker profited 110,911 MIM pic.twitter.com/2UVr9Wccpg
— Spreek (@spreekaway) November 8, 2022
Then, once the oracles system was self-updated, the deposit was “auto-liquidated”: the attacker grabbed the profits from the oracle imbalance.
In total, the losses eclipsed $110,000 in equivalent; the malefactors withdrew it in MIM stablecoins.
Ads
Anonymous Ethereum (ETH) developer 0xMerlin (@0xM3rlin on Twitter), one of the key figureheads in the Abracadabra DeFi ecosystem, admitted that one of the backend elements of his protocol was not operating.
In the next releases, he stressed, the system will use advanced oracles design, including tooling by Gelato Network, in parallel with Chainlink (LINK).
MIM briefly loses its peg amid Binance/FTX drama
Also, the same address tried to attack Kashi lending pools but was frontrun by bots. The frontrunners managed to grab over $9,400 in USD Coins (USDC).
It should also be noted that the price of Magic Internet Money (MIM) briefly lost its peg yesterday, Nov. 8, 2022. It plunged below $0.96.
This was the largest price drop of MIM in the last year. Meanwhile, by press time, the token almost recovered from the depegging and is now changing hands at $0.9965 on major exchanges.
Source: https://u.today/abracadabras-mim-stablecoin-used-by-defi-attackers-heres-how