The Jimbos Protocol project based on the Arbitrum network was attacked, as a result of which unknown people withdrew 4090 ETH from smart contracts (over $7.5 million at the exchange rate at the time of writing). This was reported by PeckShield analysts.
It appears today’s @jimbosprotocol hack leads to the 4090 ETH loss (w/ ~$7.5M).
This hack is due to the lack of slippage control of liquidity-shifting operation — such that the protocol-owned liquidity is invested into a skewed/imbalanced price range, which is exploited in… https://t.co/wnQAeksojz pic.twitter.com/TPlqNlvnZD
— Peck Shield Inc. (@peckshield) May 28, 2023
The project team confirmed exploit. The developers said they are “actively in contact” with law enforcement and security professionals.
They also published on the Ethereum blockchain, a message in which they offered hackers to return the stolen assets for a 10% reward and waiver of prosecution. At the time of writing, as specified by the team address no funds were received.
PeckShield noted that the exploit is related to a “slip control flaw” in relation to tokens that are under the control of the protocol. According to analysts, the stolen funds were withdrawn through the Stargate and Celer Network infrastructure.
— PeckShieldAlert (@PeckShieldAlert) May 28, 2023
Numen Cyber said that for the attack, the attackers initiated an instant loan for 10,000 ETH. These assets were used to manipulate the price of the JIMBO token, with the subsequent emptying of liquidity pools.
👉 The attacker initiated a flash loan of 10,000 $ETH as initial capital
— Numen Cyber (@numencyber) May 28, 2023
Jimbos Protocol originally launched on May 16th. Shortly after the start of work, the team abandoned the first version of the protocol due to a critical bug in smart contracts and introduced the second iteration of the application.
According to DEX Screener, amid news of a hacker attack, the price of the JIMBO token collapsed by 25%. At the time of writing, the asset is trading near $0.18.
Recall that in May 2023, unknown persons withdrew assets worth $6 million from the Deus Finance DeFi protocol.
Found a mistake in the text? Select it and press CTRL+ENTER
Cryplogger Newsletters: Keep your finger on the pulse of the bitcoin industry!