MIM Incident Overview
Recent on-chain analytics have uncovered that the perpetrator behind the Magic Internet Money (MIM) incident in March 2025 has recently transferred a significant sum of pilfered assets amounting to approximately $7.5 million into Tornado Cash, a well-known cryptocurrency mixing service. This revelation comes from blockchain security experts at CertiK, who identified that the hacker funneled 3,001 ETH, equating to $7.57 million, from a crypto wallet that starts with 0x51baB into the mixer.
Transaction Highlights
This latest transaction alone represents over half of the total funds lost during the attack on Abracadabra Finance‘s stablecoin, which faced damages totaling around $13 million. CertiK reported this development in their communications, highlighting the details:
“The MIM_Spell exploiter has just sent 3,001 ETH (~$7.57M) to Tornado Cash from 0x51baB.”
Tracking the Stolen Assets
To track the flow of these stolen assets, CertiK provided a visual representation of the wallet transactions, indicating that the funds were funneled through four different Ethereum addresses. Initially, the hacker transferred 6,261 ETH, corresponding to the total amount stolen from MIM, followed by the movement of 3,001 ETH using the second and third wallets before routing the funds into a recognized Tornado Cash address.
Details of the Exploit
The exploit on March 25, 2025, resulted in 6,261.13 ETH being siphoned, which was approximately $13 million at the time. This breach specifically targeted the gmCauldron smart contracts on MIM, taking advantage of vulnerabilities in the integration between Abracadabra’s lending protocols and the decentralized exchange GMX.
Analysis and Recovery Efforts
CertiK’s analysis points out a flaw in the liquidation process that failed to correctly update collateral records in RouterOrder, thus allowing the attacker to borrow funds without fulfilling repayment obligations and permitting further borrowing after the liquidation.
Following the incident, Abracadabra Finance, the parent company of MIM, managed to recover half of the $13 million lost in the hack. They confirmed that customer assets remained secure during this breach and expressed ongoing efforts to retrieve the stolen cryptocurrency. Nonetheless, the challenge of tracing these stolen funds has intensified, particularly after they are passed through mixing services like Tornado Cash, which obfuscate their origin and complicate recovery efforts.
