The incident comes barely three days after Jimbos Protocol launched its version 2.
Arbitrum-based Jimbos Protocol may be the latest in a long line of victims of decentralized finance (DeFi) protocol hacks. This follows after hackers hit the crypto project on the morning of May 28, making away with 4,090 ETH ($7.5 million).
The incident comes barely three days after Jimbos Protocol launched its version 2 as the attacker moved swiftly to exploit a vulnerability in the protocol. According to crypto analyst PeckShield, the protocol lacked slippage control for the tokens under it, thus creating an opportunity for an attacker to reverse swap orders for their gain. And as records show, the exploiter used a $5.9 million flash loan to carry out the attack.
Meanwhile, the protocol has also confirmed the incident on its Twitter page. It claims to have begun investigating the issue, and would only divulge more information when possible. The statement read in part:
“We are aware of the exploit regarding our protocol and are actively in contact with law enforcement and security professionals.”
Expectedly, the protocol’s underlying token JIMBO has reacted to the news of the hack. According to CoinMarketCap data, the token which was trading at 0.2464 before the incident, now trades at 0.1817. This represents more than a 26% loss.
Jimbos Protocol Hack Re-opens Concerns about DeFi
It is worth mentioning that the recent exploit has now reopened conversations about how the DeFi ecosystem is a constant target of various attacks. While flash loan attacks are almost synonymous with DeFi protocols, recent reports may have suggested a significant decline in the number of attacks. That is when compared with previous years.
Without a doubt, the reduced occurrences are likely linked to recent efforts to improve security measures. Nonetheless, Jimbos hack and many similar ones in recent times have shown that the DeFi ecosystem is still faced with these vulnerabilities.
Recall the recent flash loan attack that saw the 0VIX protocol lose about $2 million. Similarly, attackers notably infiltrated the privacy-focused Tornado Cash protocol. And they were able to cart away substantial amounts of Tornado Cash (TORN) tokens.
next