← back to feed·—ACCESS-CONTROL2025-03-25 · 1y ago

Incident · CHAINSEC

Abracadabra Spell

Exploit

Estimated loss

$13.00M

VERDICT —UNRATED

Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.

▰ METHOD

ACCESS CONTROL

ACCESS-CONTROLBYTECODE CATCHABLE →AI SCANNABLE →

Root cause

Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.

Forensic narrative

An exploit in Spell-related contract flows resulted in unauthorized withdrawals and major treasury/user losses. Reported loss: $13,000,000.

Primary source

https://www.coindesk.com/business/2025/03/25/abracadabra-drained-of-usd13m-in-exploit-targeting-cauldrons-tied-to-gmx-liquidity-tokens ↗

Sourced from

chainsec

Technical record

chain: —
protocol: Abracadabra Spell
bug_class: access-control
date_occurred: 2025-03-25
loss_usd: $13,000,000
source_id: cs:abracadabra-spell::2025-03-25

Related — same bug class· access-control

2026-05-13

27d ago

ARB

ShapeShift FOX Colony (Colony Network)

executeMetaTransaction → resolver-repoint via setTarget → delegatecall drain

Uniswap V4 hook-contract logic exploit

Contract Vulnerability

Huma Finance V1 (deprecated)

refreshAccount() unconditional GoodStanding state flip → unauthorized drawdown

Unprotected Initializer Exploit

Contract Vulnerability

access-control

$209.0K

UNRATED