Arbitrum’s Jimbos Protocol Falls Victim to Hack, Resulting in $7.5 Million Loss
In a recent announcement, blockchain security firm PeckShield revealed that Jimbos Protocol, a liquidity protocol within the Arbitrum ecosystem, had fallen victim to a significant attack resulting in the loss of 4,000 ETH, equivalent to approximately $7.5 million USD. PeckShield took to Twitter to share the news, stating that the hack was a consequence of the protocol’s lack of slippage control on liquidity-shifting operations.
The exploit involved the manipulation of the price range by taking advantage of the liquidity invested by the protocol. This allowed the attackers to execute reverse swaps, thereby profiting from the imbalanced price range created by the protocol’s liquidity being invested in an uneven manner.
It appears today’s @jimbosprotocol hack leads to the 4090 ETH loss (w/ ~$7.5M).
This hack is due to the lack of slippage control of liquidity-shifting operation — such that the protocol-owned liquidity is invested into a skewed/imbalanced price range, which is exploited in… https://t.co/wnQAeksojz pic.twitter.com/TPlqNlvnZD
— PeckShield Inc. (@peckshield) May 28, 2023
PeckShield further provided the trace flow of the hack transaction, which can be accessed at the following link: https://arbiscan.io/tx/0x44a0f5. The attackers exploited the absence of slippage control in the liquidity conversion process. By capitalizing on this vulnerability, they managed to reverse the swap order and gain illicit profits.
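The missing check PeckShield describes, as an added example (a simplified Python model, not Jimbos Protocol's contract code): a liquidity-shifting call that follows the pool's spot price, shown without and with a slippage limit measured against a reference price. The constant-product pool, the function names, the reference price and all numbers are constructed assumptions.

```python
from dataclasses import dataclass

BPS = 10_000  # basis points in 100%

class SlippageExceeded(Exception):
    """Raised when the pool price is too far from the reference price."""

@dataclass
class Pool:
    """Constant-product pool (x * y = k), a stand-in for the real AMM."""
    eth: float
    token: float

    def spot_price(self) -> float:
        return self.eth / self.token  # ETH per token

    def swap_eth_for_token(self, eth_in: float) -> float:
        k = self.eth * self.token
        self.eth += eth_in
        token_out = self.token - k / self.eth
        self.token -= token_out
        return token_out

def deviation_bps(spot: float, reference: float) -> float:
    return abs(spot - reference) / reference * BPS

def shift_liquidity(pool, reference_price, width_bps=500, max_deviation_bps=None):
    """Return the (lower, upper) range the protocol's liquidity moves to.
    max_deviation_bps=None models the unguarded call: the range follows the
    spot price at call time. With a limit, a skewed spot price reverts."""
    spot = pool.spot_price()
    if max_deviation_bps is not None:
        dev = deviation_bps(spot, reference_price)
        if dev > max_deviation_bps:
            raise SlippageExceeded(f"spot off reference by {dev:.0f} bps")
    half = spot * width_bps / BPS / 2
    return (spot - half, spot + half)

def demo():
    pool = Pool(eth=1_000.0, token=1_000_000.0)  # constructed numbers
    reference = pool.spot_price()                # e.g. a TWAP taken earlier
    pool.swap_eth_for_token(1_000.0)             # one large trade skews spot
    unguarded = shift_liquidity(pool, reference) # range follows skewed price
    try:
        shift_liquidity(pool, reference, max_deviation_bps=100)
    except SlippageExceeded:
        return unguarded, "reverted"
    return unguarded, "accepted"
```

In this model the unguarded call places the range around a price four times the reference, while the guarded call with a 100 bps limit reverts.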
It is worth noting that Jimbos Protocol had only been launched around mid-May, making it less than 20 days old at the time of the attack. The protocol had announced plans to introduce new testing measures to address liquidity and token price volatility concerns. However, it appears that the protocol’s mechanisms were not yet fully developed, resulting in a logical loophole that facilitated the attack.
As a consequence of the breach, the platform’s native token, JIMBO, experienced a significant drop of 40% in value. It is unlikely that the token will recover its previous value anytime soon. PeckShield reported that the attackers withdrew 4,090 ETH from the Arbitrum network and subsequently used bridges such as Stargate and Celer Network to move approximately 4,048 ETH to the Ethereum network.
This incident adds to a series of recent DeFi protocol hacks and exploits in the crypto market. While reports indicate a decline in the frequency of such attacks compared to previous years, the community has still witnessed several incidents in recent times. For example, earlier this month, the 0VIX protocol suffered a flash loan attack resulting in a loss of nearly $2 million USD. Additionally, Tornado Cash fell victim to an administrative takeover and saw a substantial amount of TORN tokens being withdrawn.
The continuous occurrence of security breaches highlights the importance of robust security measures and thorough protocol development within the decentralized finance ecosystem. Developers and security experts must collaborate to identify and address vulnerabilities to safeguard users’ funds and maintain the trust of the crypto community.