The Jimbos Protocol project, hosted on Arbitrum (ARB), was hacked shortly after the deployment of its second version, resulting in the theft of $7.5 million in Ethers (ETH). The hacker exploited a slippage control flaw using a flash loan to manipulate the price of the JIMBO token, which lost 40% in the process.
Jimbos Protocol suffers a $7.5m hack
Quebec’s
Just a few days after the deployment of its second version, the Jimbos Protocol project hosted on layer 2 Arbitrum (ARB) was siphoned off 4,090 Ethers (ETH), or around $7.5 million at the time of the event, i.e. 28 May.
PeckShieldAlert The @jimbosprotocol exploiter has bridged the stolen funds (4,048 $ETH valued at ~$7. 5M) to Ethereum and they are located at https://t.co/vMMZPfJwKI pic.twitter.com/Rek199sQbF
– PeckShieldAlert (@PeckShieldAlert) May 28, 2023
At the time of writing, the funds are still on the same address in the form of ETH, which has been tagged by the Etherscan explorer accordingly.
As for the methodology used by the hacker, he simply exploited a slippage control flaw in the protocol by repeating swaps several times using a $5.9 million flash loan. This method is often used by hackers, and has led to the hacking of the Platypus and Nereus Finance protocols, among others.
Once in possession of the funds, the hacker then routed them via the Stargate and Celer bridges.
Cours du JIMBO, le token natif de Jimbos Protocol
In its latest tweet, Jimbos Protocol asked several on-chain investigators for help in tracking the hacker’s money movements, including ZachXBT, samczsun and Mudit Gupta. None of them seem to have responded yet.
Using certain codes from the Olympus protocol, Jimbos Protocol aimed to solve certain problems of liquidity and volatility, one being mechanically and intrinsically linked to the other.
Hacks on the decline at the start of 2023
According to a report by TRM Labs, around $400 million was stolen through forty or so hacks in the first quarter of 2023, a drop of more than 70% compared to the same period in 2022.
Of course, insofar as a few hacks make up the bulk of the funds stolen over a certain period because of the amounts involved, the situation in the first quarter does not allow us to predict what might happen for the rest of the year. Just 10 hacks accounted for 75% of the funds stolen over the whole of 2022, according to TRM Labs.
According to CertiK, a firm specialising in blockchain security, bridges will once again be prime targets for malicious hackers in 2023.
Because of the way they work, bridges are very important sources of liquidity in the decentralised finance ecosystem (DeFi), as demonstrated by the now infamous 624 million Ronin hack last year, among others.
