Posted on May 30, 2023 at 11:39 PM

Jimbos Protocol Loses Over 4,000 ETH After A Hacking Incident

Jimbos Protocol, which runs on the Arbitrum network, has become the latest decentralized finance (DeFi) protocol that has suffered a hacking exploit. Hacking attacks in the decentralized finance (DeFi) industry have become prevalent in recent years. These attacks cause significant financial loss to the affected protocols.

Jimbos Protocol hacked for $7.5M

The exploit on the Jimbos Protocol was confirmed by the PeckShield blockchain security company. Jimbos is the liquidity program on the Arbitrum ecosystem, and the breach in question happened on May 28. The hackers managed to drain 4000 ETH tokens from the protocol. The Ether tokens were worth around $7.5 million at the time.

The hacker managed to drain these funds from the protocol by exploiting the lack of slippage restrictions on liquidity concerns. The liquidity in this protocol is invested within a price range that does not seek equality, which creates an access point for an unauthorized player to reverse the swap orders for their personal monetary gains.

The Jimbos protocol was released less than 20 days ago, and it has suffered a massive exploit within the short time that it has been in the market. The protocol seeks to use a new testing approach to address liquidity in the market and the volatility of token prices. This feature was launched to address volatility in the crypto space.

The mechanism used to support the functionality of this protocol has not been developed fully, resulting in a logical vulnerability that made the conditions in the market favorable towards attackers. The price of the underlying token known as JIMBO has since dropped by 40% because of this attack as traders bet against the performance.

The report published by PeckShield on the matter said that the attackers extracted 4,090 ETH tokens from the Arbitrum network. The report further said that the attackers made use of the Stargate bridge and the Celer Network to transfer around 4,048 ETH from the Ethereum network.

Hacking exploits continue to plague the DeFi industry

The DeFi industry has witnessed massive growth over the past few years. However, this growth has also attracted malicious players such as hackers. Hackers target DeFi protocols because they transact a large volume of funds, and they have also attracted many users.

Some reports have indicated that there has been a notable decline in the number of attacks reported in the DeFi space compared to the previous years. However, despite this decline, the community has remained exposed to a wide range of exploits.

The exploit on the Jimbos Protocol is not the only one that has been reported recently. The co-founder and CEO of The Sandbox Metaverse project, Arthur Madrid, was the victim of a breach to his Twitter account on May 26. The exploit on this Twitter account was revealed after Madrid recovered the account.

The attacker that was behind the account used Madrid’s account to promote a fake airdrop phishing exploit. The post made by Madrid on his Twitter account warned the users of The Sandbox metaverse not to click a link that promotes an airdrop or a URL that appears to be a scam. He also warned users to only use genuine URLs for The Sandbox project.

One of the most popular techniques that hackers use to launch hacking attacks against the crypto and DeFi industry is phishing campaigns. Phishing campaigns usually lure users into following links or completing malicious actions that might allow a threat actor to obtain access to the targeted device and possibly steal crypto assets from them.

The many hacking exploits that have been seen in the DeFi industry have triggered a need for advanced security measures to protect these protocols and their users. The DeFi industry is currently dealing with a major challenge of protecting itself against security vulnerabilities and unauthorized access to DeFi protocols.

Flash loan attacks have also become increasingly popular. One of the recent flash loan attacks happened on the 0VIC protocol, and the attack caused a significant financial loss of almost $2 million.

Some tools that are also used by hackers in the DeFi space have also been vulnerable to hacking exploits. Tornado Cash, a crypto mixer tool that is used by hackers to launder stolen crypto assets, was also the victim of a hacking incident.

Unknown threat actors successfully compromised the Tornado Cash ecosystem, after which they extracted a notable amount of Tornado Cash (TORN) tokens. The move resulted in significant financial loss, just like what happens with most protocols.