Jimbos Protocol, an Arbitrum-based decentralized finance (DeFi) protocol, has fallen victim to a hacking incident, resulting in a substantial loss of funds.
On the morning of May 28, according to blockchain security firm PeckShield, Jimbos Protocol experienced a hack on its liquidity protocol. The attack led to the loss of 4,000 Ether (ETH), valued at approximately $7.5 million at the time.
The attacker exploited the absence of slippage control on liquidity conversions within the protocol. By taking advantage of a loophole in which liquidity is invested in a price range that doesn’t need to be equal, the attacker was able to reverse swap orders for their own benefit.
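A simplified model of the missing control, added here as an illustration and not taken from Jimbos Protocol's contracts: a constant-product pool (an assumption, with fees ignored) in which a liquidity conversion either accepts whatever the pool returns or enforces a minimum-output floor derived from a reference price. All names, reserve figures and the 2% tolerance are constructed for the example.

```python
# Simplified model, constructed for illustration; not Jimbos Protocol code.
from dataclasses import dataclass

BPS = 10_000  # basis-point denominator


class SlippageExceeded(Exception):
    """Raised when a conversion would return less than the caller's floor."""


@dataclass
class Pool:
    eth: int    # ETH reserve, integer units
    token: int  # token reserve, integer units

    def quote_token_to_eth(self, amount_in: int) -> int:
        # Constant-product output (x * y = k), fee ignored (assumption).
        return self.eth * amount_in // (self.token + amount_in)

    def swap_token_to_eth(self, amount_in: int, min_out: int = 0) -> int:
        out = self.quote_token_to_eth(amount_in)
        # min_out == 0 models "no slippage control": any price is accepted.
        if out < min_out:
            raise SlippageExceeded(f"would receive {out}, floor is {min_out}")
        self.token += amount_in
        self.eth -= out
        return out


def min_out_from_reference(amount_in: int, ref_num: int, ref_den: int,
                           tolerance_bps: int) -> int:
    """Floor for a conversion, from a reference price ref_num/ref_den (ETH per
    token) that does not depend on the pool's instantaneous reserves."""
    expected = amount_in * ref_num // ref_den
    return expected * (BPS - tolerance_bps) // BPS


def convert(pool: Pool, amount_in: int, min_out: int = 0):
    """Protocol-side conversion; returns ETH received, or None if it reverted."""
    try:
        return pool.swap_token_to_eth(amount_in, min_out)
    except SlippageExceeded:
        return None  # a revert leaves the pool state untouched


if __name__ == "__main__":
    floor = min_out_from_reference(10_000, 1, 1, 200)        # 2% tolerance
    print("balanced, unchecked:", convert(Pool(1_000_000, 1_000_000), 10_000))
    print("skewed,   unchecked:", convert(Pool(500_000, 2_000_000), 10_000))
    print("skewed,   checked:  ", convert(Pool(500_000, 2_000_000), 10_000, floor))
```

The skewed pool has the same product of reserves as the balanced one, so it stands for the same pool after its price has been moved; only the version with a floor refuses to convert at that price.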
Jimbos Protocol launched less than 20 days ago with the goal of addressing liquidity and volatile token prices through a new testing approach, but its mechanism was inadequately developed, leaving a logical vulnerability that favored the attackers. As a result, the price of the underlying token, Jimbo (JIMBO), declined by 40%.
PeckShield’s investigation revealed that the attackers managed to extract 4,090 ETH from the Arbitrum network. Subsequently, they utilized the Stargate bridge and the Celer Network to transfer approximately 4,048 ETH from the Ethereum network.
The DeFi space has witnessed numerous hacking incidents. Although reports indicate a decline in the number of attacks compared to previous years, the community remains exposed to exploits and vulnerabilities. Recent examples include the flash loan attack on the 0VIX protocol, resulting in a loss of nearly $2 million, and the hijacking of Tornado Cash, where unknown attackers compromised the system and caused substantial financial losses by extracting significant quantities of Tornado Cash (TORN) tokens.
These incidents highlight the ongoing challenge faced by the DeFi ecosystem in strengthening security measures and protecting against unauthorized access and vulnerabilities.