Arbitrum-based Jimbos Protocol has become the latest decentralized finance (DeFi) project to fall victim to a hack, resulting in the hacker stealing a significant amount of funds.
The hack, targeting Version 2 of the Jimbos Protocol, resulted in a loss of $7.3 million.
The Latest Hack to Rock DeFi
The decentralized finance (DeFi) ecosystem continues to be a prime target for hackers, with the hack of the Jimbos Protocol the latest to occur. The protocol was hacked on the 28th of May, 2023, resulting in the loss of around 4000 ETH, worth around $7.3 million, according to data sourced from PeckShield. PeckShield posted an update regarding the hack on their Twitter handle, stating,
“It appears today’s @jimbosprotocol hack leads to the 4090 ETH loss (w/ ~$7.5M). This hack is due to the lack of slippage control of liquidity-shifting operation -- such that the protocol-owned liquidity is invested into a skewed/imbalanced price range, which is exploited in a reverse swap for profit.”
Security analysts blamed the hack on a lack of slippage controls in the primary contract. This allowed the hacker to take out a flash loan, manipulate the price of the protocol’s native token and steal the treasury funds. The protocol intended to issue a semi-stable token backed by a basket of crypto tokens. However, it seems like the protocol’s mechanisms were not adequately developed, leading to a vulnerability that hackers exploited. As a result of the attack, the value of the protocol’s native JIMBO token has dropped by 40%.
Flash loans have become a popular way for hackers to steal funds from DeFi systems. These loans let traders borrow funds from lenders without posting any collateral, because the smart contract considers the transaction complete only once the borrower repays the lender. If the borrower fails to repay the flash loan, the transaction is cancelled and the funds return to the lender.
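The missing slippage control described above can be pictured with a small model. This is an added example, not code from the Jimbos Protocol or from this article: the constant-product pool, the function names, the 100 bps tolerance and all numbers are assumptions constructed for illustration.

```python
SCALE = 10**18  # fixed-point scale for prices, as on-chain code would use
BPS = 10_000

class SlippageExceeded(Exception):
    """Pool price is further from the reference price than the caller allows."""

class Pool:
    """Simplified constant-product pool (an assumption, not the protocol's real design)."""
    def __init__(self, eth: int, token: int):
        self.eth, self.token = eth, token

    def spot_price(self) -> int:
        """ETH per token, scaled by SCALE."""
        return self.eth * SCALE // self.token

    def swap_eth_for_token(self, eth_in: int) -> int:
        """Swap that keeps eth * token constant; it moves the spot price up."""
        k = self.eth * self.token
        self.eth += eth_in
        token_out = self.token - k // self.eth
        self.token -= token_out
        return token_out

def deviation_bps(spot: int, reference: int) -> int:
    """Distance between spot and reference price in basis points."""
    return abs(spot - reference) * BPS // reference

def shift_liquidity_unchecked(pool: Pool) -> int:
    """Weak form: re-centres protocol-owned liquidity on whatever the spot price is."""
    return pool.spot_price()

def shift_liquidity_checked(pool: Pool, reference: int, max_bps: int) -> int:
    """Hardened form: refuse to shift when spot has drifted past max_bps.
    `reference` stands in for a manipulation-resistant price such as a TWAP (assumption)."""
    spot = pool.spot_price()
    drift = deviation_bps(spot, reference)
    if drift > max_bps:
        raise SlippageExceeded(f"spot {spot} is {drift} bps from reference {reference}")
    return spot

def demo() -> tuple:
    """Constructed numbers: a pool whose price moves sharply inside one transaction."""
    pool = Pool(eth=1_000 * SCALE, token=1_000_000 * SCALE)
    reference = pool.spot_price()            # price before the move
    pool.swap_eth_for_token(1_000 * SCALE)   # large same-transaction trade skews the pool
    skewed_centre = shift_liquidity_unchecked(pool)
    try:
        shift_liquidity_checked(pool, reference, max_bps=100)
        blocked = False
    except SlippageExceeded:
        blocked = True
    return reference, skewed_centre, blocked
```

In this model the unchecked shift accepts a centre price four times the reference, while the checked shift reverts because the drift exceeds the tolerance.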
Jimbos Protocol Trying To Recover Funds
Developers working with the protocol are exploring the best way forward and are working with the same security researchers that helped Euler Finance recover $200 million following their exploit. Furthermore, the team also added that they would contact the authorities by Monday if the attacker failed to return the stolen funds. The protocol shared an update on Twitter, stating,
“Quick update: We are already working with multiple security researchers and on-chain analysts who helped with both the Euler Finance and Sentiment exploits. We will start working with law enforcement agencies tomorrow by 4 PM UTC if this isn’t sorted out by then.”
DeFi’s Hacker Problem
The DeFi ecosystem has been plagued by hacking incidents, and while there has been a notable decline, the ecosystem continues to deal with the challenge of guarding against vulnerabilities and restricting unauthorized access. This is despite constant efforts to enhance security measures governing the ecosystem. One recent flash loan attack targeted the 0VIX protocol, leading to the loss of nearly $2 million. Tornado Cash, a prominent privacy-focused protocol, also fell victim to a hack when unknown attackers compromised the protocol and accessed a significant number of TORN tokens. This led to considerable losses for the protocol.