BanklessTimes
Home News Protocol on Arbitrum Loses $7.5M in Exploit

Protocol on Arbitrum Loses $7.5M in Exploit

Daniela Kirova
Daniela Kirova
Daniela Kirova
Author:
Daniela Kirova
Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.
May 29th, 2023
  • The exploiter took advantage of the absence of slippage control on liquidity exchanges
  • Liquidity was invested in uneven price range, loophole where swap orders could be reversed

Jimbos, a protocol in the Arbitrum Network, was hacked yesterday morning according to blockchain security firm PeckShield, Cointelegraph reported. The exploiter made away with 4,000 ether, which was roughly equivalent to $7.5 million at the time of the attack.

The exploiter took advantage of the absence of slippage control on liquidity exchanges. Jimbos’ liquidity is invested in an uneven price range, generating a loophole where swap orders can be reversed for cybercriminals’ gain.

The attacker took out a flash loan of $5.9 million, manipulated JIMBO token prices, and made away with community funds.

Protocol had a logical weakness

Jimbos was launched less than three weeks ago and aimed to address token volatility and liquidity issues through a new approach. Its creators were going to issue a semi-stable cryptocurrency backed by a collection of tokens.

The mechanism emerged to be inadequate, leading to a logical weakness, which made it vulnerable to attacks.

According to PeckShield data, the exploiters stole 4,090 ETH from the Arbitrum Network. Then, they used the Celer Network and the Stargate bridge to transfer around 4,048 ETH from the Ethereum Mainnet.

Jimbos is working with security experts to get the money back. If the exploiter doesn’t return it voluntarily, they will contact law enforcement by 4 PM UTC today.

Arbitrum seems particularly vulnerable

Hacks of DeFi protocols are not a new phenomenon by any means. The DeFi space continues to be plagued by numerous attacks. On May 19 Swaprum, a decentralized exchange also based on the blockchain Arbitrum, disappeared with user deposits worth $3 million aftera rug pull. The SWAP token’s value plummeted to zero thereafter.

The DeFi space struggles to protect its users from vulnerabilities and unauthorized access. Recently, the 0VIX protocol also fell victim to a flash loan attack, which led to a loss of nearly $2 million.

Tornado Cash was attacked earlier

An unidentified attacker or group took over the DAO handling the funds, operations, and projects of privacy mixer Tornado Cash, as Bankless Times reported on May 20.

The exploiter injected malicious code, hiding a key function and granting him fake votes, which he could use to withdraw locked Tornado Cash (TORN) tokens in the main governance contract.The attacker later proposed to reverse the malicious changes.

Contributors

Daniela Kirova
Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.