Inside the fallout from PeckShield’s Synnax Labs audit
PeckShield Inc. has been accused by stablecoin yield layer Synnax Labs of refunding and removing an audit after the crypto security firm allegedly overlooked the same bug that caused the $1.7 million hack of DeFi lending protocol Abracadabra.
Synnax Labs first asked for a refund after discovering several vulnerabilities that weren’t spotted by PeckShield in its audit. According to Synnax Labs, the audit “lacked sufficient depth.”
The company also claimed that, “After refunding, PeckShield removed the audit report and related correspondence — an unprofessional move that undermines transparency.”
The firm disclosed the refund after PHD student and blockchain specialist, Weilin Li, questioned Synnax Labs’ activity in relation to the Abracadabra hack on October 4.
Li claims that Synnax Labs was, as far as they knew, the only fork of Abracadabra’s Magic Internet Money (MIM) with total value locked (TVL) that was vulnerable to the attack.
Synnax Labs has told Protos, however, that it’s not a fork of Abracadabra.
Read more: No crying in the casino: XPL bug hits Aster, Hypervault rug pull suspected
Li notes how Synnax Labs patched this vulnerability four days before the exploit, how PeckShield deleted the audit (which didn’t include this vulnerability), and asks, “What happened?”
They added, “I have no opinion or comment on this event. I am just listing some facts.”
Indeed, Synnax Labs claims that the contracts were paused and patched “proactively” four days before Abracadabra’s exploit, before elaborating on what happened with the audit.
Abracadabra has lost over $21 million in major DeFi hacks
Abracadabra reportedly suffered the hack after a flaw in the protocol’s cook function was exploited to manipulate its solvency checks.
The funds were subsequently sent to Tornado Cash before Abracadabra bought back MIM and fully recovered. PeckShield didn’t flag the Abracadabra exploit on its alert account.
Abracadabra has suffered three major DeFi exploits since 2024, losing over $21 million.
In January 2024, it lost $6.5 million after a hacker appeared to have exploited a rounding error in its CauldronV4 smart contract code.
Then, over a year later, it was hacked for $13 million worth of ether after following an exploit with the contract’s collateral accounting mechanism.
Protos has reached out to Synnax Labs and PeckShield Inc. for comment and will update this piece should we hear back.
Update October 6, 17:14 UTC: Updated to clarify that Synnax Labs is not a fork of Abracadabra.
Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.