Arbitrum-based Jimbos Protocol was hacked on the morning of May 28, resulting in the loss of 4,000 Ether (ETH), worth approximately $7.5 million at the time.
The hack was carried out by an attacker who took advantage of the lack of slippage control on liquidity conversions.
The protocol’s liquidity is invested in a price range that doesn’t need to be equal, creating a loophole where attackers can reverse swap orders for their own gain.
Although launched less than 20 days ago, Jimbos Protocol aimed to address liquidity and volatile token prices through a new testing approach.
However, the protocol’s mechanism was not adequately developed, leading to a logic vulnerability that created favorable conditions for attackers. As a consequence, the price of the underlying token, Jimbo (JIMBO), has plummeted by 40%.
According to PeckShield’s findings, the attackers extracted 4,090 ETH from the Arbitrum network. Subsequently, they utilized the Stargate bridge and the Celer Network to transfer approximately 4,048 ETH from the Ethereum network.
Hacking incidents in DeFi protocols are not a novel phenomenon. While reports indicate a significant decline in the number of attacks compared with previous years, the community continues to be exposed to numerous exploits.
Despite efforts to enhance security measures, the DeFi ecosystem grapples with the persistent challenge of safeguarding against potential vulnerabilities and unauthorized access. An example is the recent flash loan attack on the 0VIX protocol, resulting in a substantial loss of nearly $2 million.