Just three days after the launch of its highly anticipated V2, Jimbos protocol fell victim to a devastating attack resulting in a loss of 4090 Ether worth $7.5 million.
According to a report from blockchain security firm PeckShield, the attack on the morning of May 28 was enabled by the protocol’s inability to regulate slippage for tokens under its control.
Understanding the Exploit
The attacker used a $5.9 million flash loan to carry out the hack. Specifically, the attacker discovered a flaw in the liquidity-shifting mechanism, allowing them to exploit the lack of effective slippage management.
By taking advantage of the skewed/imbalanced price range resulting from the liquidity allocation, the attacker executed reverse swaps to profit from the protocol-owned liquidity. Eventually, this manipulation led to a substantial loss of $7.5 million for the protocol.
Jimbos Protocol Undergoes Setbacks
Notably, the journey of the Jimbos Protocol has been marred by challenges right from its initial launch on May 16. Shortly after the launch, a smart contract bug surfaced, disrupting the protocol’s intended functionality. In response, users were advised to avoid interacting with the first version and await the release of version 2.
However, recent events have brought further setbacks to the project, as an exploit targeting version 2 resulted in a significant loss. As a consequence, the token’s price has plummeted by 25%, falling from $0.24 to $0.18.
Implications for Jimbos Protocol and DeFi Industry
While Jimbos has acknowledged the exploit on its official Twitter page and revealed that it is already in talks with law enforcement and security professionals, the exploit’s aftermath has cast a shadow of doubt over the future of Jimbos Protocol.
Investors who formerly regarded Jimbos as a promising investment prospect are now questioning the project’s integrity and capacity to provide a secure environment for their money.
Furthermore, the hack shows deeper flaws in the DeFi space. Despite ongoing efforts by developers and auditors to improve smart contract security, attacks continue to occur.
In recent times, the Defi ecosystem has come under attack following the revolutionization of the financial landscape. For instance, a malicious hacker reportedly removed and sold locked governance votes from Crypto Mixer, Tornado Cash.
Similarly, Hundred Finance also experienced an attack on the Optimism layer-2 scaling network, leading to the loss of assets valued at almost $7 million.