The attacker behind the $13 million Magic Internet Money (MIM) exploit in March 2025 has resurfaced, moving a significant portion of the stolen funds through the controversial crypto mixer Tornado Cash, according to blockchain security firm CertiK.
$7.5M in Stolen ETH Laundered
CertiK revealed that 3,001 ETH worth approximately $7.57 million was transferred from a wallet beginning with 0x51baB into Tornado Cash. This represents more than half of the total stolen funds from the Abracadabra Finance exploit that compromised MIM, a decentralized stablecoin.
“The MIM_Spell exploiter has just sent 3,001 ETH (~$7.57M) to Tornado Cash from 0x51baB,” CertiK confirmed in a recent post on X.
The laundering process involved a multi-step transfer chain across four Ethereum wallets, beginning with a 6,261 ETH transfer equal to the original amount stolen in the exploit. Two of the intermediary wallets then split and transferred 3,001 ETH into Tornado Cash, making it increasingly difficult to trace the funds.
How the Exploit Happened
The original hack occurred on March 25, 2025, when Abracadabra’s gmCauldron contracts specifically the integration between decentralized exchange GMX and the protocol’s lending mechanism were exploited.
According to CertiK’s analysis:
“The exploit allowed the attacker to borrow funds without repaying them and liquidate the funds due to a flaw in the liquidation logic, which failed to overwrite RouterOrder collateral records.”
This critical vulnerability enabled the attacker to double-count collateral, borrow additional funds, and exit without proper settlement.
Abracadabra’s Response and Recovery
In the aftermath of the breach, Abracadabra Finance acted swiftly, restoring 50% of the stolen funds via internal treasury buybacks and strategic operations. The protocol emphasized that user funds remained unaffected, as the exploit only targeted internal smart contract logic.
To incentivize restitution, the team also offered the hacker a 20% white-hat bounty, urging them to return the remaining assets. However, with the latest movement to Tornado Cash, hopes of recovery are fading.
Tornado Cash Raises Tensions Again
The use of Tornado Cash a sanctioned mixer by U.S. authorities has reignited the debate over privacy tools versus money laundering risks. Once funds are processed through Tornado Cash, they become exceedingly difficult to trace, shielding exploiters from law enforcement visibility.
This move highlights the ongoing challenges in crypto asset recovery, particularly when decentralized privacy tools are used to obfuscate transactions.
The MIM attacker’s recent laundering of over $7.5 million in ETH underscores the pressing need for more robust DeFi security and governance. While platforms like Abracadabra strive to recover and secure their protocols, exploiters continue to find ways to evade accountability through decentralized anonymity services.
