Jimbos Protocol, a DeFi platform hosted on the Arbitrum network, was recently exploited, resulting in a staggering loss of $7.5 million worth of Ethereum (ETH). The culprit took advantage of a design loophole that originated from a recent system update.
Price Imbalance Exploited
This flaw let the attackers manipulate the protocol’s liquidity controls. They exploited the lack of slippage restriction on tokens and carried out liquidity-shifting operations. These maneuvers created a significant price disparity, which the attackers then profited from via reverse swap operations.
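The missing control can be modeled as a guard that refuses to shift protocol-owned liquidity while the pool's spot price sits far from a time-weighted reference. The following is an added example, not Jimbos Protocol code; the constant-product pool, the function names, the 200 bps limit in the usage comment and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

BPS = 10_000      # basis-point denominator
SCALE = 10**18    # fixed-point scale for prices


class SlippageExceeded(Exception):
    """Spot price is too far from the reference to shift liquidity safely."""


@dataclass
class Pool:
    # Assumption: constant-product (x*y=k) pool, a simplification of the real design.
    eth: int
    token: int

    def price(self) -> int:
        """Spot price in ETH per token, fixed-point."""
        return self.eth * SCALE // self.token

    def buy_token(self, eth_in: int) -> int:
        """Swap ETH for tokens along x*y=k; returns the tokens paid out."""
        k = self.eth * self.token
        self.eth += eth_in
        out = self.token - k // self.eth
        self.token -= out
        return out


def twap(observations: list[tuple[int, int]]) -> int:
    """Time-weighted average of (seconds_held, price) observations."""
    total = sum(dt for dt, _ in observations)
    return sum(dt * p for dt, p in observations) // total


def deviation_bps(spot: int, reference: int) -> int:
    """Absolute distance of spot from reference, in basis points."""
    return abs(spot - reference) * BPS // reference


def shift_liquidity(pool: Pool, reference: int, max_dev_bps: int) -> int:
    """Return the price at which protocol-owned liquidity would be re-centred.

    Raises (the on-chain equivalent is a revert) when spot has drifted more
    than max_dev_bps from the reference: the slippage control described
    above as missing.
    """
    spot = pool.price()
    dev = deviation_bps(spot, reference)
    if dev > max_dev_bps:
        raise SlippageExceeded(f"spot deviates {dev} bps, limit {max_dev_bps}")
    return spot
```

Because the reference is averaged over time, a single large swap moves the spot price but not the reference, so a call such as `shift_liquidity(pool, reference, 200)` fails instead of placing liquidity into the skewed range.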
Security Firm Discloses Theft Details
It appears today’s @jimbosprotocol hack leads to the 4090 ETH loss (w/ ~$7.5M).
This hack is due to the lack of slippage control of liquidity-shifting operation — such that the protocol-owned liquidity is invested into a skewed/imbalanced price range, which is exploited in… https://t.co/wnQAeksojz pic.twitter.com/TPlqNlvnZD
— PeckShield Inc. (@peckshield) May 28, 2023
Blockchain security specialist PeckShield reported the misappropriation of 4,090 ETH over the weekend. The attackers used the Stargate bridge in combination with the Celer Network to transport the stolen ETH away from the Ethereum network.
The DeFi Dilemma
Jimbos Protocol, launched merely a month back, had previously encountered a smart contract glitch, negatively impacting its overall functionality. The platform’s users were cautioned against engaging with the flawed system and urged to wait for the incoming update. This incident underscores the ongoing risks associated with DeFi platforms and the paramount importance of robust security.
JIMBO Token Sees Steep Decline
The consequences of the hack rippled through the ecosystem, leading to a 40% drop in the value of the protocol’s native token, JIMBO. This reflects how design flaws can foster an environment that’s susceptible to cyberattacks, causing tangible financial damage.
Protocol’s Post-Breach Measures
In response to the breach, Jimbos Protocol has enlisted the help of security researchers and on-chain analysts. Moreover, it’s considering reaching out to law enforcement agencies to resolve the issue. This serves as a wake-up call to the DeFi community, emphasizing the necessity of comprehensive security audits and iron-clad protocols in preventing similar future events.