Ethereum worth $7.5M stolen in Arbitrum-based Jimbos Protocol exploit
- Arbitrum-based Jimbos Protocol has been hacked barely three weeks after its market premiere.
- The threat actor made away with 4,090 ETH, worth $7.54 million at current rates.
- The attacker capitalized on the lack of slippage control over tokens to execute the loot, PeckShield reports.
Ethereum (ETH) worth around $7.54 million has been stolen after a hacker exploited the Arbitrum-based Jimbos protocol 20 days after its launch. Reportedly, the attacker took advantage of the lack of slippage control over tokens to grab the loot.
Also Read: Arbitrum price prepares for recovery as whales accumulate $200 million worth of ARB
Ethereum worth $7.54 million was stolen in a May 28 hack
Ethereum (ETH) worth approximately $7.54 million has been stolen in a hack attack on the Arbitrum-based Jimbos protocol. The exploit adds to the list of protocol hacks in the crypto sector. According to PeckShield, the renowned blockchain security unit, the Jimbos Protocol was exploited on Sunday morning, May 28. Notably, Jimbos is the liquidity protocol of the Arbitrum ecosystem.
It appears today's @jimbosprotocol hack leads to the 4090 ETH loss (w/ ~$7.5M).
— PeckShield Inc. (@peckshield) May 28, 2023
This hack is due to the lack of slippage control of liquidity-shifting operation -- such that the protocol-owned liquidity is invested into a skewed/imbalanced price range, which is exploited in… https://t.co/wnQAeksojz pic.twitter.com/TPlqNlvnZD
The attack saw up to 4,090 ETH stolen, equivalent to $7.54 million at current rates. Specifically, the attacker capitalized on the lack of slippage control of liquidity conversions. Notably, Jimbos protocol’s liquidity is invested in a price range that does not require to be equal. According to PeckShield, this creates a loophole where attackers can reverse swap orders for their benefit.
The protocol debuted less than 20 days ago and was committed to addressing liquidity and volatile token prices by leveraging a new testing approach. Nevertheless, it seems the protocol’s mechanism was not developed sufficiently. Consequently, threat actors have spotted and exploited the vulnerability for their gain.
The flow of stolen funds, according to PeckShield
PeckShield has attempted to explain the flow of the funds. Based on the blockchain security unit’s findings, after the exploiters extracted a significant amount of $4,090 ETH from the Arbitrum network, they proceeded to use the Stargate bridge and the Celer Network to transfer and collect a colossal sum nearing 4,048 ETH from the Ethereum network, possibly factoring transaction fees. Based on current rates, this is about $74.6 million.
Here comes the flow of stolen funds. @jimbosprotocol pic.twitter.com/HkUtTFZILv
— PeckShieldAlert (@PeckShieldAlert) May 28, 2023
As unfortunate as the Jimbos protocol hack is, it is not an isolated case and adds to a stream of hacking incidents against decentralized finance (DeFi) protocols. Nevertheless, several reports have suggested a commendable decline in the number of such exploits in 2023 compared to the years prior; the community continues to fall victim to the many instances of hacks as of late.
Jimbos Protocol’s JIMBO token falls 20%
JIMBO, the ticker of the Jimbos protocol, has slumped by 40%, with little to no signs of a recovery.
#PeckShieldAlert $JIMBO has dropped -40%https://t.co/fXZPG27zdM pic.twitter.com/zMPs75jUtK
— PeckShieldAlert (@PeckShieldAlert) May 28, 2023
At the time of writing, JIMBO is trading at $0.000003229 against wrapped Ethereum (WETH)
Also Read: Ethereum price inches closer to $1,900 even after losing the daily DeFi battle to Binance
Author
Lockridge Okoth
FXStreet
Lockridge is a believer in the transformative power of crypto and the blockchain industry.
