Arbitrum liquidity protocol Jimbos suffers $7.5 million ETH hack

In a shocking development, Jimbos, an Arbitrum liquidity protocol, was recently breached by an unidentified hacker. The cybercriminal made off with 4090 Ethereum (ETH), which equates to roughly $7.5 million at current rates.

The recent breach of the Arbitrum liquidity protocol, Jimbos, contributes to an alarming trend in the cryptocurrency ecosystem: the increasing number of decentralized finance (DeFi) protocol hacks. Cybercriminals continue to target these systems, undermining the safety and security of digital currencies.

These ongoing breaches are raising serious concerns among stakeholders about the robustness of the security measures in place. The world of DeFi is under substantial threat, and more rigorous security solutions are urgently needed.

The recent breach of the Jimbos protocol can be attributed to a shortfall in controlling slippage during liquidity-shifting operations. The issue arose because the protocol’s owned liquidity was allocated into a skewed or imbalanced price range. This made the system vulnerable, providing an exploitable avenue for profit through reverse swaps.

It appears today's @jimbosprotocol hack leads to the 4090 ETH loss (w/ ~$7.5M).

This hack is due to the lack of slippage control of liquidity-shifting operation — such that the protocol-owned liquidity is invested into a skewed/imbalanced price range, which is exploited in… https://t.co/wnQAeksojz pic.twitter.com/TPlqNlvnZD

— PeckShield Inc. (@peckshield) May 28, 2023

The lack of proper slippage controls within the protocol allowed for a situation where the liquidity, which should ideally have been spread out evenly, was channeled into an imbalanced price range.

This flawed allocation resulted in a distorted pricing mechanism that opened up the potential for malicious actors to take advantage. They executed reverse swaps to exploit the imbalance, leading to significant financial gain at the expense of the protocol.

In the wake of this recent security breach on the Jimbos protocol, the team behind Jimbos has promptly acknowledged the exploit. They have communicated openly about their awareness of the incident and the severity of the situation. Assuring users of their responsiveness, they have announced active engagement with law enforcement agencies and professional cybersecurity experts.

We are aware of the exploit regarding our protocol and are actively in contact with law enforcement and security professionals.

We will release further information when possible.

— Jimbos Protocol (v2, soon) (@jimbosprotocol) May 28, 2023

The recent attack on the platform has uncovered a glaring fault line in its security framework. In the wake of the breach, the platform’s inherent token, JIMBO, experienced a steep fall in value, plunging by more than 40% in just six hours.

#PeckShieldAlert $JIMBO has dropped -40%https://t.co/fXZPG27zdM pic.twitter.com/zMPs75jUtK

— PeckShieldAlert (@PeckShieldAlert) May 28, 2023

This dramatic drop was clearly illustrated in a chart shared by a blockchain security company with the larger cryptocurrency community.