Jimbos Protocol, a decentralized finance (DeFi) protocol in the crypto industry, has recently joined the growing list of hacked DeFi platforms. The hack, which occurred on the morning of May 28, resulted in the loss of 4,000 Ether (ETH), worth approximately $7.5 million, according to blockchain security firm PeckShield. The attacker exploited a loophole in the protocol’s liquidity conversions due to a lack of slippage control.
The Technicality of the Attack
The hackers capitalized on the protocol’s flawed liquidity investment mechanism. In Jimbos Protocol, the liquidity is invested in a price range that doesn’t have to be equal. This structural flaw allowed the attacker to reverse swap orders for personal gain. This vulnerability was exploited despite Jimbos Protocol’s less than 20-day existence and its aim to regulate liquidity and token price volatility. As a result, the price of Jimbos Protocol’s native token, Jimbo (JIMBO), fell sharply by 40%.
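To make "slippage control" concrete, here is an added example that is not Jimbos Protocol's contract code: a conversion routine that accepts any output versus one that enforces a minimum-output floor derived from a reference price. The constant-product pool, the 0.3% fee, the reserve figures and the names `Pool`, `min_out` and `convert_liquidity` are all assumptions made for illustration.

```python
from fractions import Fraction


class SlippageExceeded(Exception):
    """The conversion would return less than the caller's floor."""


class Pool:
    """Assumed model: constant-product pool (x * y = k) with a 0.3% fee."""

    def __init__(self, reserve_in: int, reserve_out: int):
        self.reserve_in, self.reserve_out = reserve_in, reserve_out

    def quote(self, amount_in: int) -> int:
        net = amount_in * 997  # input after the 0.3% fee, scaled by 1000
        return net * self.reserve_out // (self.reserve_in * 1000 + net)

    def swap(self, amount_in: int, min_out: int = 0) -> int:
        out = self.quote(amount_in)
        if out < min_out:  # slippage control: revert before touching state
            raise SlippageExceeded(f"got {out}, floor {min_out}")
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out


def min_out(amount_in: int, reference_price: Fraction, tolerance_bps: int) -> int:
    """Floor = amount_in * reference price * (1 - tolerance)."""
    return int(amount_in * reference_price * Fraction(10_000 - tolerance_bps, 10_000))


def convert_liquidity(pool, amount_in, reference_price=None, tolerance_bps=200):
    """Hypothetical protocol-side conversion of its own liquidity.

    reference_price=None models the missing check: any output is accepted.
    """
    floor = 0 if reference_price is None else min_out(amount_in, reference_price, tolerance_bps)
    return pool.swap(amount_in, floor)


# Constructed sample states: same k, but the second pool's spot price has
# moved far from the reference price of 1 output unit per input unit.
BALANCED = (1_000_000, 1_000_000)
SKEWED = (4_000_000, 250_000)

if __name__ == "__main__":
    print(convert_liquidity(Pool(*SKEWED), 10_000))  # accepted without a floor
    try:
        convert_liquidity(Pool(*SKEWED), 10_000, Fraction(1))
    except SlippageExceeded as e:
        print("reverted:", e)
```

The reference price has to come from a source that the pool being traded against cannot move, otherwise the floor drifts with the same skew it is meant to catch.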
PeckShield’s investigation revealed that the hackers managed to remove 4,090 ETH from the Arbitrum network. They then used the Stargate bridge and the Celer Network to transfer around 4,048 ETH away from the Ethereum network.
The Persistent Challenge of DeFi Hacks
The crypto industry has repeatedly witnessed hacking incidents in DeFi protocols. Despite the overall number of attacks declining in recent years, the community continues to confront numerous exploits. Even with efforts to strengthen security protocols, DeFi platforms struggle to mitigate potential vulnerabilities and unauthorized access.
For instance, the 0VIX protocol recently suffered a significant loss of nearly $2 million due to a flash loan attack. Another significant event was the hacking of Tornado Cash, a well-known privacy-focused protocol. In this case, anonymous hackers managed to siphon off a large amount of Tornado Cash (TORN) tokens, resulting in significant financial losses.