In a recent incident, the team behind the decentralized finance (DeFi) application Jimbos Protocol has taken a unique approach to deal with an exploiter who drained $7.5 million from its treasury-owned liquidity pool. The team has offered the attacker a proposition: return 90% of the funds and keep the remaining 10%, or face potential prosecution and legal consequences.
Jimbos asked the attacker to take the deal or face prosecution
On May 28, the Jimbos team posted a message on the Ethereum network, stating that if 90% of the funds were returned, the attacker would not be prosecuted. Seeking a response, they later issued a second message on the same day, setting a deadline of “tomorrow by 4 PM UTC” for the return of the funds. The team emphasized that failure to comply would result in their collaboration with law enforcement agencies.
Following the expiration of the deadline, the team announced via Twitter on May 29 that they had made progress in identifying the attacker. They warned the individual that while they did not wish to ruin anyone’s life, they were prepared to take necessary actions to protect the interests of the protocol and its community, including involving the police if required.
Jimbos Protocol, known as a “reactive concentrated liquidity protocol,” aims to maintain the price of its token, JIMBO, above a predetermined floor price. To achieve this, the protocol accumulates Ethereum in its treasury and utilizes the funds to defend the token’s value.
The platform is working with experts to identify the attacker
The exploit that occurred on May 28 involved a flash loan attack that exploited a vulnerability in the JimboController contract. The flaw allowed the attacker to manipulate the selling price of the JIMBO token, ultimately draining $7.5 million worth of Ether from the protocol’s liquidity pool.
Unfortunately, DeFi exploits have become a recurring issue within the Web3 ecosystem. However, there have been instances where exploiters have returned a significant portion of the funds after negotiating with development teams. Notably, Euler Finance experienced a hack resulting in over $195 million in losses on March 13, but the attacker later returned most of the funds. A similar incident occurred with the Sentiment liquidity protocol on April 4, where the attacker returned 85% of the exploited funds on April 6.
The Jimbos Protocol team claims to be working closely with security researchers and on-chain analysts who have previously investigated similar incidents. Their collaboration aims to identify the attacker and take appropriate measures to safeguard the protocol and its users.
While DeFi exploits continue to pose challenges, the response from development teams, collaboration with security experts, and negotiation efforts have played a role in recovering funds and mitigating the impact on users within the Web3 ecosystem.