Arbitrum-based Jimbos Protocol hacked, losing $7.5M in Ether
The attacker used the lack of slippage control over tokens to steal the funds.
227 Total views
1 Total shares
Adding to the growing number of decentralized finance (DeFi) protocol hacks in the crypto industry, Jimbos Protocol is the latest to suffer an attack resulting in a significant loss of funds.
According to blockchain security firm PeckShield, Jimbos Protocol — the liquidity protocol of the Arbitrum system — was hacked on the morning of May 28. The attack resulted in the loss of 4,000 Ether (ETH), worth approximately $7.5 million at the time.
Specifically, the attacker took advantage of the lack of slippage control on liquidity conversions. The protocol’s liquidity is invested in a price range that doesn’t need to be equal, creating a loophole where attackers can reverse swap orders for their own gain.
Despite being launched less than 20 days ago, the Jimbos Protocol aimed to address liquidity and volatile token prices through a new testing approach. However, it appears that the protocol’s mechanism was not adequately developed, leading to a logical vulnerability that created favorable conditions for attackers. As a consequence, the price of the underlying token, JIMBO, has plummeted by 40% and shows little sign of recovery.
#PeckShieldAlert $JIMBO has dropped -40%https://t.co/fXZPG27zdM pic.twitter.com/zMPs75jUtK
— PeckShieldAlert (@PeckShieldAlert) May 28, 2023
According to PeckShield’s findings, the attackers managed to extract a significant amount of 4,090 ETH from the Arbitrum network. Subsequently, they utilized the bridge called Stargate and the Celer Network to transfer and collect a substantial sum of approximately 4,048 ETH from the Ethereum network.
Here comes the flow of stolen funds. @jimbosprotocol pic.twitter.com/HkUtTFZILv
— PeckShieldAlert (@PeckShieldAlert) May 28, 2023
The occurrence of hacking incidents targeting decentralized finance (DeFi) protocols is not a novel phenomenon within the cryptocurrency market. While there have been reports indicating a significant decline in the number of such attacks when compared to previous years, the community has still been exposed to numerous instances of exploitation in recent times.
Related:The Sandbox CEO’s Twitter was hacked, used to promote alleged ‘airdrop’ scam
Despite efforts to enhance security measures, the DeFi ecosystem continues to grapple with the persistent challenge of safeguarding against potential vulnerabilities and unauthorized access. An example lies in the flash loan attack the 0VIX protocol fell victim to, resulting in a substantial loss of nearly $2 million.
Another noteworthy occurrence involved the hijacking of Tornado Cash, a prominent privacy-focused protocol. Unknown attackers successfully compromised the system and extracted significant quantities of TORN tokens, leading to substantial financial losses.
Magazine: Should crypto projects ever negotiate with hackers? Probably