Abracadabra Money, a cross-chain lending platform, has confirmed a $6.49-million exploit involving the protocol’s Ethereum cauldrons that allow users to borrow the Magic Internet Money (MIM) stablecoin using different assets as collateral.

The MIM development team acknowledged the exploit and stated that they are investigating. They said that the protocol’s governing body plans to compensate victims through a buy-back and burn process.

We are aware of an exploit involving certain cauldrons on Ethereum.

Our engineering team is triaging and investigating the situation.

To the best of its Ability, the DAO treasury will be buying back MIM from the market to then burn.

More updates are coming.

— ‍♂️ (@MIM_Spell) January 30, 2024

The $6.49-million exploit was flagged on Tuesday by blockchain security firm PeckShield. The unknown exploiter initially funded the attack with 1 Ether ( ETH ) via cryptocurrency mixer Tornado Cash, according to the security firm.

Less than an hour after the exploit was announced, MIM, which is an algorithmic United States dollar-pegged stablecoin, lost its dollar peg, falling to $0.77, before recovering to the current $0.94 mark, according to CoinMarketCap data.

Price chart of MIM. Source: CoinMarketCap

A report from blockchain security firm CertiK said the exploit may have been caused by a “rounding issue.” The attacker repeatedly called the “userBorrowPart()” function, followed by “repay()” from the protocol’s v4 cauldrons, implying that the attacker borrowed and repaid loans over and over again, somehow allowing them to drain funds from the contract.

Related: Alameda-linked wallets open $2.3-million loan position on Abracadabra

Magic Internet Money was  also depegged in 2022  due to the fallout of the Terra ecosystem collapse. In August, the protocol raised its interest rate on the coin by 200% in an effort to manage risk from the Curve protocol.