Abracadabra.money is a decentralized lending platform that allows users to deposit interest-bearing tokens (ibTKNs) as collateral to borrow a USD-pegged omnistablecoin, Magic Internet Money (MIM). The protocol's primary function is to enable users to gain liquidity from their yield-generating crypto assets without needing to sell them. MIM can be used like any other traditional stablecoin^[1]​^[2].

Overview

Abracadabra.money is a multi-chain protocol, with deployments on blockchains including Ethereum, Arbitrum, and Fantom^[3][4]. As of early October 2025, the protocol had a Total Value Locked (TVL) of approximately $154 million^[4].

The platform has been the target of several high-profile security exploits, resulting in cumulative losses of over $20 million since 2024. Despite these challenges, the protocol's decentralized autonomous organization (DAO) has taken steps to mitigate damages, including using treasury funds to repurchase stolen assets and stabilize the MIM stablecoin^[4].

Technology and Architecture

Kashi Lending Technology and Isolated Markets

Abracadabra.money utilizes Kashi Lending Technology, a framework pioneered by SushiSwap, to create its lending markets. The core feature of this technology is the use of isolated markets, known as "Cauldrons." In an isolated market, the risk of any single collateral asset is contained within its own market. This means that if a specific collateral type becomes volatile or is compromised, it does not pose a systemic risk to the entire protocol or other lending pools^[1].

Core Components

The protocol's architecture is built on several key components:

• Cauldrons: These are isolated lending vaults where users can deposit a specific type of collateral to borrow or mint MIM. Each Cauldron has its own risk parameters. Several versions of the Cauldron smart contracts exist, including V3 and V4, which have been the targets of security exploits^[5][6].
• BentoBox (and Degenbox): BentoBox is a token vault that serves as the foundation for Abracadabra's Cauldrons. It acts as a centralized repository for user collateral. Abracadabra utilizes a specific implementation called Degenbox. This vault is designed to generate yield on the assets it holds, even while they are being used as collateral^[6].
• The cook() Function: This is a powerful and complex function within the Cauldron contracts that allows users to batch multiple actions (such as adding collateral, borrowing MIM, and repaying debt) into a single, atomic transaction. While designed for efficiency and improved user experience, a logical flaw in this function was the cause of a significant exploit in October 2025^[6].

Tokenomics

Abracadabra.money has three main tokens that are central to its ecosystem.

• SPELL: The protocol's native utility and rewards token, primarily used for incentivizing liquidity.
• sSPELL: A staked version of SPELL that grants holders voting rights in the protocol's governance and a share of the platform's revenue.
• MIM (Magic Internet Money): The protocol's decentralized, USD-pegged stablecoin that is minted by users against their deposited collateral.

SPELL

The SPELL token is used to incentivize participation in the Abracadabra ecosystem.

• Token Symbol: SPELL
• Total Supply: 210,000,000,000 SPELL (original supply of 420B was halved via a one-time token burn)

SPELL Token Distribution:

• 45% (94.5B SPELL): MIM-3LP3CRV Liquidity Incentive
• 30% (63.0B SPELL): Team allocation (4 Year Vesting Schedule)
• 18% (37.8B SPELL): ETH-SPELL SushiSwap Liquidity Incentive
• 7% (14.7B SPELL): Initial DEX Offering

sSPELL

sSPELL (Staked SPELL) is the governance token for the protocol. Users can stake their SPELL tokens to receive sSPELL. Holders of sSPELL are entitled to a share of the fees generated by the protocol (from interest, borrow fees, and liquidation fees) and can participate in governance proposals and voting.

MIM (Magic Internet money)

Magic Internet Money (MIM) is a collateralized stablecoin pegged to the value of the U.S. Dollar. It is minted by users who deposit interest-bearing tokens into Abracadabra's Cauldrons. MIM's stability is backed by the crypto assets held in these vaults. The circulating supply as of early October 2025 was approximately 44 million tokens^[4].

Governance

Governance of the Abracadabra.money protocol is managed by a decentralized autonomous organization (DAO) composed of sSPELL token holders. The DAO is responsible for making decisions on key protocol parameters, risk management, and the use of treasury funds.

An example of the DAO's function occurred in October 2025, when a security incident resulted in a loss of funds. The Abracadabra DAO responded by using its treasury to purchase the stolen amount of MIM from the open market to help stabilize the token's price and repay the protocol's bad debt. A DAO contributor known as '0xMerlin' publicly communicated the DAO's response to the community^[4].

Security Incidents

The Abracadabra.money protocol has faced several major security breaches since 2024, resulting in total losses exceeding $21 million. These events have tested the protocol's resilience and led to community concerns regarding its security practices^[3].

October 2025: cook() Function Exploit (~$1.8M Loss)

On October 4, 2025, an attacker exploited a logic flaw in a deprecated CauldronV4 smart contract, stealing approximately $1.79 million in MIM. The vulnerability, which had existed undetected since February 2023, was in the cook() function. The attacker bypassed a required solvency check by passing an unrecognized action ID, which reset a security flag and allowed them to borrow MIM without sufficient collateral. The stolen funds were swapped for ETH and laundered through Tornado Cash. In response, the Abracadabra DAO paused the affected market and used treasury funds to buy back the stolen MIM^[6][4].

March 2025: GMX Cauldron Exploit (~$13M Loss)

In March 2025, Abracadabra suffered its largest financial loss when an attacker drained $13 million in MIM from its GMX-linked liquidity pools on the Arbitrum network. The exploit was a complex flash loan attack that targeted a flaw in the collateral accounting mechanism of Abracadabra's GmxV2 CauldronV4. The vulnerability allowed the attacker to bypass solvency checks by manipulating failed orders. GMX confirmed its own contracts were not at fault. The attacker laundered the stolen assets, worth 6,260 ETH at the time, by bridging them to Ethereum and using Tornado Cash^[7][3].

January-June 2024: Multiple Smart Contract Exploits (~$12.9M combined)

The protocol was targeted in at least two significant hacks in 2024.

• June 2024 Exploit ($6.5M Loss): An attacker exploited a precision loss issue in Cauldron V3 and V4 contracts. The vulnerability caused a desynchronization between the protocol's internal debt tracking variables (elastic and base), allowing the attacker to amass a huge share of the debt and borrow far more MIM than their collateral permitted, leading to a depegging of the MIM stablecoin^[5].
• January 2024 Exploit ($6.4M Loss): An exploit on Ethereum, reportedly initiated with just 1 ETH, resulted in a loss of approximately $6.4 million. The attack involved a rounding error or similar precision vulnerability that allowed the hacker to bypass insolvency checks, leading to the creation of bad debt and a temporary de-peg of MIM^[7][4].