Jimbos Protocol, Built on Arbitrum, Succumbs to Hack, Losing $7.5 Million in Ether
Jimbos Protocol, a decentralized finance (DeFi) protocol operating on the Arbitrum system, fell victim to a hacking incident, resulting in a substantial loss of funds totaling $7.5 million in Ether (ETH). This unfortunate event adds to the growing list of DeFi protocol hacks within the crypto industry.
The breach occurred on May 28, as reported by PeckShield, a blockchain security firm. The attacker capitalized on the absence of slippage control in liquidity conversions, exploiting a loophole in the protocol’s investment strategy. By reversing swap orders, the attacker managed to profit at the expense of the protocol.
Despite being launched less than three weeks ago, Jimbos Protocol aimed to tackle liquidity and volatile token prices through an innovative testing approach. Unfortunately, the protocol’s development was insufficient, leading to a logical vulnerability that created an advantageous environment for attackers. Consequently, the value of Jimbo (JIMBO), the underlying token, experienced a staggering 40% decline.
PeckShield’s investigation revealed that the attackers successfully withdrew 4,090 ETH from the Arbitrum network. Subsequently, they utilized the Stargate bridge and the Celer Network to transfer approximately 4,048 ETH from the Ethereum network.
#PeckShieldAlert $JIMBO has dropped -40%https://t.co/fXZPG27zdM pic.twitter.com/zMPs75jUtK
— PeckShieldAlert (@PeckShieldAlert) May 28, 2023
Although incidents like these are not entirely unheard of in DeFi protocols, there has been a decrease in the number of attacks reported compared to previous years. However, the DeFi community remains exposed to various exploitations, highlighting the ongoing challenge of bolstering security measures and preventing unauthorized access.
Here comes the flow of stolen funds. @jimbosprotocol pic.twitter.com/HkUtTFZILv
— PeckShieldAlert (@PeckShieldAlert) May 28, 2023
For instance, the recent flash loan attack on the 0VIX protocol resulted in a substantial loss of nearly $2 million, demonstrating the persistent vulnerabilities that plague the DeFi ecosystem. Additionally, Tornado Cash, a prominent privacy-focused protocol, fell victim to a hijacking incident where unknown attackers compromised the system and made off with significant quantities of Tornado Cash (TORN) tokens, causing substantial financial losses.
These incidents underscore the importance of continuous efforts to enhance security protocols within the DeFi space, minimizing the risks associated with potential breaches and fortifying the trust of participants in the ecosystem.