- Arbitrum-based Jimbos Protocol has been hacked barely three weeks after its market premiere.
- The threat actor made away with 4,090 ETH, worth $7.54 million at current rates.
- The attacker capitalized on the lack of slippage control over tokens to execute the loot, PeckShield reports.
Ethereum (ETH) worth around $7.54 million has been stolen after a hacker exploited the Arbitrum-based Jimbos protocol 20 days after its launch. Reportedly, the attacker took advantage of the lack of slippage control over tokens to grab the loot.
Ethereum worth $7.54 million was stolen in a May 28 hack
Ethereum (ETH) worth approximately $7.54 million has been stolen in a hack attack on the Arbitrum-based Jimbos protocol. The exploit adds to the list of protocol hacks in the crypto sector. According to PeckShield, the renowned blockchain security unit, the Jimbos Protocol was exploited on Sunday morning, May 28. Notably, Jimbos is the liquidity protocol of the Arbitrum ecosystem.
It appears today's @jimbosprotocol hack leads to the 4090 ETH loss (w/ ~$7.5M).— PeckShield Inc. (@peckshield) May 28, 2023
This hack is due to the lack of slippage control of liquidity-shifting operation -- such that the protocol-owned liquidity is invested into a skewed/imbalanced price range, which is exploited in… https://t.co/wnQAeksojz pic.twitter.com/TPlqNlvnZD
The attack saw up to 4,090 ETH stolen, equivalent to $7.54 million at current rates. Specifically, the attacker capitalized on the lack of slippage control of liquidity conversions. Notably, Jimbos protocol’s liquidity is invested in a price range that does not require to be equal. According to PeckShield, this creates a loophole where attackers can reverse swap orders for their benefit.
The protocol debuted less than 20 days ago and was committed to addressing liquidity and volatile token prices by leveraging a new testing approach. Nevertheless, it seems the protocol’s mechanism was not developed sufficiently. Consequently, threat actors have spotted and exploited the vulnerability for their gain.
The flow of stolen funds, according to PeckShield
PeckShield has attempted to explain the flow of the funds. Based on the blockchain security unit’s findings, after the exploiters extracted a significant amount of $4,090 ETH from the Arbitrum network, they proceeded to use the Stargate bridge and the Celer Network to transfer and collect a colossal sum nearing 4,048 ETH from the Ethereum network, possibly factoring transaction fees. Based on current rates, this is about $74.6 million.
As unfortunate as the Jimbos protocol hack is, it is not an isolated case and adds to a stream of hacking incidents against decentralized finance (DeFi) protocols. Nevertheless, several reports have suggested a commendable decline in the number of such exploits in 2023 compared to the years prior; the community continues to fall victim to the many instances of hacks as of late.
Jimbos Protocol’s JIMBO token falls 20%
JIMBO, the ticker of the Jimbos protocol, has slumped by 40%, with little to no signs of a recovery.
At the time of writing, JIMBO is trading at $0.000003229 against wrapped Ethereum (WETH)
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.
If not otherwise explicitly mentioned in the body of the article, at the time of writing, the author has no position in any stock mentioned in this article and no business relationship with any company mentioned. The author has not received compensation for writing this article, other than from FXStreet.
FXStreet and the author do not provide personalized recommendations. The author makes no representations as to the accuracy, completeness, or suitability of this information. FXStreet and the author will not be liable for any errors, omissions or any losses, injuries or damages arising from this information and its display or use. Errors and omissions excepted.
The author and FXStreet are not registered investment advisors and nothing in this article is intended to be investment advice.