In the ever-evolving world of decentralized finance (DeFi), security remains a persistent challenge. The latest victim of a protocol hack is Jimbos Protocol, a decentralized liquidity platform operating on the Arbitrum network. The attack resulted in a loss of 4,000 Ether (ETH), valued at around $7.5 million at the time of the incident.
The attack on Jimbos Protocol exploited a critical vulnerability related to the lack of slippage control on liquidity conversions. While slippage typically refers to price discrepancies during volatile market conditions, this particular vulnerability allowed liquidity to be invested at inconsistent or distorted prices. Attackers took advantage of this loophole by executing reverse swap orders, manipulating the price range to their advantage.
It appears today’s @jimbosprotocol hack leads to the 4090 ETH loss (w/ ~$7.5M).
This hack is due to the lack of slippage control of liquidity-shifting operation — such that the protocol-owned liquidity is invested into a skewed/imbalanced price range, which is exploited in… https://t.co/wnQAeksojz pic.twitter.com/TPlqNlvnZD
— PeckShield Inc. (@peckshield) May 28, 2023
The immediate consequence was that the price of the native token of the Jimbos Protocol, Jimbo (JIMBO), plummeted by 40%. However, despite the hack, the broader cryptocurrency markets remained resilient, indicating investors’ confidence in distinguishing protocol-specific vulnerabilities from wider market instability.
The Jimbos Protocol hack joins a growing list of DeFi protocol breaches, emphasizing the persistent need for enhanced security measures. This incident further highlights the importance of integrating robust slippage-controlled procedures into DeFi protocols to deter price manipulations and protect user funds.
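To make the missing control concrete, here is a simplified model added for illustration; it is not Jimbos Protocol's code. The constant-product pool, the function names, the reserve figures, and the idea of checking against a reference price such as a time-weighted average are all assumptions.

```python
from dataclasses import dataclass

class SlippageExceeded(Exception):
    """Raised instead of moving liquidity at a distorted price."""

@dataclass
class Pool:
    """Constant-product pool (token * eth = k); a simplified stand-in for a real AMM."""
    token: float  # reserve of the protocol token
    eth: float    # reserve of ETH

    def spot_price(self) -> float:
        return self.eth / self.token  # ETH per token

    def swap_eth_for_token(self, eth_in: float) -> float:
        k = self.token * self.eth
        self.eth += eth_in
        out = self.token - k / self.eth
        self.token -= out
        return out

def shift_liquidity(pool, treasury_eth, reference_price, max_deviation=None):
    """Move protocol-owned ETH into the pool at whatever the spot price is.

    max_deviation=None models the missing slippage control. With a bound set,
    the spot price is compared to a reference price (assumed here to come from
    a source that one trade cannot move, such as a time-weighted average) and
    the call fails before any state changes.
    """
    if max_deviation is not None:
        deviation = abs(pool.spot_price() - reference_price) / reference_price
        if deviation > max_deviation:
            raise SlippageExceeded(f"spot deviates {deviation:.0%} from reference")
    return pool.swap_eth_for_token(treasury_eth)

def compare(reference_price=0.1, treasury_eth=50.0):
    """Constructed numbers: tokens the protocol gets at a fair vs. a skewed price."""
    fair = shift_liquidity(Pool(1000.0, 100.0), treasury_eth, reference_price, 0.02)
    skewed = Pool(250.0, 400.0)  # same k, price pushed from 0.1 to 1.6 ETH/token
    unguarded = shift_liquidity(Pool(250.0, 400.0), treasury_eth, reference_price)
    try:
        shift_liquidity(skewed, treasury_eth, reference_price, 0.02)
        guarded = "executed"
    except SlippageExceeded:
        guarded = "rejected"
    return round(fair, 2), round(unguarded, 2), guarded, (skewed.token, skewed.eth)

if __name__ == "__main__":
    print(compare())
```

Without the bound, the same 50 ETH buys about 28 tokens at the skewed price instead of about 333 at the fair one; with a 2% bound the shift is rejected and the pool reserves are left untouched.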
The trend of increasing attacks against DeFi protocols shows the need to conduct comprehensive security audits and testing before launching new protocols. While Jimbos Protocol aimed to address liquidity and volatile token prices through a novel testing approach, the inadequately developed mechanism left the protocol vulnerable to logical exploits.
In response to the attack, Jimbos Protocol promptly acknowledged the incident and announced a collaboration with law enforcement agencies and cybersecurity professionals. Such collaborative efforts are vital to mitigating the impact of security breaches and recovering stolen funds.
Quick update:
We are already working with multiple security researchers and on-chain analysts who helped with both the Euler Finance and Sentiment exploits.
We will start working with law enforcement agencies tomorrow by 4PM UTC if this isn’t sorted out by then.
— Jimbos Protocol (v2, soon) (@jimbosprotocol) May 28, 2023