Arbitrum-based Jimbos Protocol Network Hacked for $7.5 Million in Ethereum.
BKMT Staff
May 28, 2023
Crypto & Blockchain
Joining the growing list of decentralized finance (DeFi) protocol hacks in the crypto industry, Jimbos Protocol has become the latest victim of an attack that resulted in a substantial loss of funds.
According to blockchain security firm PeckShield, Jimbos Protocol, which operates as a liquidity protocol on the Arbitrum system, was hacked on May 28. The attack led to the loss of 4,000 Ether, valued at approximately $7.5 million at the time.
With the lack of slippage control on liquidity conversions, the attack exploited the vulnerability to reverse swap orders and benefit from the price discrepancies in the liquidity range.
Jimbos Protocol, built on the Arbitrum network, aimed to create a token with a partially stable minimum price, backed by a pool of assets. Drawing inspiration from projects like Olympus DAO, which experienced a rapid price rise followed by a collapse, Jimbos Protocol sought to introduce changes for greater sustainability. The core concept involved utilizing the protocol's liquidity, along with taxes and incentives, to support the token's price.
Although the project launched on May 16, it encountered a smart contract bug shortly after, causing the protocol to malfunction. Users were advised not to interact with version 1 and were instructed to wait for version 2. The recently exploited version 2 of the protocol resulted in a significant price collapse, dropping from $0.24 to $0.
On the project's website, a disclaimer emphasizes the experimental nature of the mechanisms, the absence of audits on the contracts, and the potential loss of funds due to unforeseen circumstances at any given time.
While the number of DeFi protocol hacks has decreased compared to previous years, these incidents continue to highlight the ongoing challenge of securing the DeFi ecosystem against vulnerabilities and unauthorized access. For instance, the recent flash loan attack on the 0VIX protocol resulted in a substantial loss of nearly $2 million. Another notable recent event involved the hijacking of Tornado Cash, a prominent privacy-focused protocol, where unknown attackers successfully compromised the system and extracted a significant amount of Tornado Cash (TORN) tokens, leading to substantial financial losses.