The attacker took advantage of the lack of slippage control of liquidity conversions to steal the funds.
Adding to the existing number of protocol hacks in the crypto industry, Jimbos Protocol has not escaped the sights of the attackers as it has suffered an attack resulting in a loss of a large amount of funds.
According to PeckShield, a blockchain security unit, Jimbos Protocol, the liquidity protocol of the Arbitrum system, was hacked on the morning of May 28. The attack resulted in the loss of 4,000 ETH, equivalent to approximately $7.5 million.
Specifically, the attacker took advantage of the lack of slippage control of liquidity conversions. The protocol's liquidity is invested in a price range that doesn't need to be equal, creating a loophole where attackers can reverse swap orders for their own gain.
Despite being launched less than 20 days ago, the Jimbos Protocol aimed to address liquidity and volatile token prices through a new testing approach. However, it appears that the protocol's mechanism was not adequately developed, leading to a logical vulnerability that created favorable conditions for attackers. As a consequence, the price of the underlying token, JIMBO, has plummeted by 40% and shows little sign of recovery.
According to PeckShield's findings, the attackers managed to extract a significant amount of 4,090 ETH from the Arbitrum network. Subsequently, they utilized the bridge called Stargate and the Celer Network to transfer and collect a substantial sum of approximately 4,048 ETH from the Ethereum network.
The occurrence of hacking incidents targeting decentralized finance (DeFi) protocols is not a novel phenomenon within the cryptocurrency market. While there have been reports indicating a significant decline in the number of such attacks when compared to previous years, the community has still been exposed to numerous instances of exploitation in recent times.
Despite efforts to enhance security measures, the DeFi ecosystem continues to grapple with the persistent challenge of safeguarding against potential vulnerabilities and unauthorized access. An example lies in the flash loan attack the 0VIX protocol fell victim to, resulting in a substantial loss of nearly $2 million.
Another noteworthy occurrence involved the hijacking of Tornado Cash, a prominent privacy-focused protocol. Unknown attackers successfully compromised the system and extracted significant quantities of TORN tokens, leading to substantial financial losses.