Another DeFi security incident makes waves; GMX urgently clarifies its relationship to it.



A security vulnerability has emerged in the DeFi space! Blockchain security firm PeckShield revealed that the "Cauldron" smart contract of the lending protocol Abracadabra/Spell was attacked, resulting in the theft of 6,260 ETH (approximately $13 million).

It is worth noting that this incident has affected the well-known decentralized exchange GMX, as the contract of Abracadabra is directly connected to the liquidity pool of GMX V2.

The GMX team quickly issued a statement to clarify their position, stating that their contract is absolutely safe! They explained that the issue exists only in the contract design of Abracadabra and is unrelated to the underlying GMX protocol.

The Abracadabra team is currently working with external security experts to thoroughly investigate the root cause of the vulnerability. This is the second time this year that the protocol has been compromised; in January, its stablecoin MIM suffered losses of over $6.49 million due to a contract vulnerability.

Security researcher Weilin Li analyzed the attack process and exposed the "flash loan seven-in-a-row" strategy used by the hackers. The attackers first performed 7 operations within a single transaction, 5 of which borrowed the MIM stablecoin, quickly accumulating debt.

Because the contract does not check the collateral ratio in real time after each loan, the attacker's debt ratio quickly exceeded the safe threshold. Subsequently, the attacker invoked a malicious contract, triggering a liquidation on themselves during the brief window before the flash loan was repaid.

In simple terms, the attacker first borrows MIM stablecoins to increase their debt, then triggers the liquidation mechanism while still inside the flash loan, at which point the system fails to detect the insufficient collateral. Even more shocking, the contract's repayment accounting function is executed only after all operations are completed, which gives the attacker an opportunity!

This incident reminds us once again that, to avoid similar arbitrage attacks, DeFi protocols must be designed with strict real-time risk control logic. Furthermore, the security of smart contracts relies not only on the code itself but also on setting reasonable boundaries for financial behavior.
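
A toy Python model of the check placement described above, added here as an illustration; it is not Abracadabra's or GMX's contract code, and the 75% threshold, the amounts and the action names are assumptions. It runs the same 7-operation batch once with a single end-of-batch solvency check and once with a check after every operation.

```python
# Toy model, constructed for illustration; not Abracadabra's or GMX's contract code.
from dataclasses import dataclass

MAX_LTV_BPS = 7500  # assumed threshold: debt may be at most 75% of collateral value


class Insolvent(Exception):
    """Raised when a solvency check fails; the batch is reverted."""


@dataclass
class Position:
    collateral: int  # collateral value, same unit as debt
    debt: int = 0

    def solvent(self) -> bool:
        return self.debt * 10_000 <= self.collateral * MAX_LTV_BPS


def run_batch(pos, actions, check_each_step):
    """Apply (kind, amount) actions atomically. Returns the steps after which the
    position was insolvent but execution continued."""
    snapshot = (pos.collateral, pos.debt)
    exposed = []
    try:
        for step, (kind, amount) in enumerate(actions, start=1):
            if kind == "borrow":
                pos.debt += amount
            elif kind == "repay":
                pos.debt -= amount
            # any other kind stands in for a call this model does not implement
            if not pos.solvent():
                if check_each_step:
                    raise Insolvent(f"step {step}: debt {pos.debt} exceeds limit")
                exposed.append(step)
        if not pos.solvent():
            raise Insolvent("end-of-batch check failed")
    except Insolvent:
        pos.collateral, pos.debt = snapshot  # revert every action in the batch
        raise
    return exposed


# Constructed batch with the post's shape: 7 operations, 5 of them borrows.
BATCH = [("borrow", 20)] * 5 + [("other", 0), ("repay", 40)]
```

With 100 units of collateral, the deferred check lets the batch complete even though steps 4 to 6 ran against an insolvent position, while the per-step check reverts the whole batch at step 4.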

Do events like this, happening at the edges, affect your confidence in decentralized finance? How do you balance yield and security considerations when using DeFi protocols?

#DeFiSecurity #GMX #Abracadabra #FlashLoanAttack