In a significant setback for Jimbos Protocol, a decentralised finance (DeFi) project operating on the Arbitrum platform, a flash loan attack has led to the loss of over 4,000 ETH tokens, valued at more than $7,500,000.
The company disclosed the breach through a Twitter announcement and has since taken immediate measures, involving law enforcement and security experts, to minimise the impact. Alarmingly, the incident took place a mere three days after the launch of the platform's V2 protocol, leaving many investors exposed as the perpetrator made off with 4,090 ETH tokens.
The absence of slippage control on the platform allowed a flash loan attack to target Jimbos Protocol.
The jimbo token, known for its semi-stable floor price supported by assets, relies on various mechanisms such as taxes and incentives to uphold its value stability. However, in the aftermath of the recent hack, the price of jimbo experienced a rapid and severe decline, plummeting from $0.238 to a mere $0.0001 at the time of writing.
This sharp drop in value highlights the vulnerability of the token's stability measures in the face of the flash loan attack. A flash loan is a transaction in which users borrow a significant quantity of tokens and are obligated to repay them within that same transaction.
Slippage control serves as a safeguard mechanism that limits the extent of token price fluctuations over the course of a trade, including flash loans, ensuring they remain within an acceptable range.
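The slippage bound described above, as an added example (not code from Jimbos Protocol or from the original article): a generic constant-product pool in Python where a swap carries a minimum-output bound and reverts once the pool price has been pushed outside it. The pool model, fee, reserves and 1% tolerance are assumptions chosen for illustration.

```python
# Added illustration: a generic constant-product (x * y = k) pool.
# Not the Jimbos contracts; all names and numbers are constructed.

class SlippageExceeded(Exception):
    """A swap would return less than the caller's stated minimum."""

class Pool:
    def __init__(self, reserve_eth, reserve_token, fee_bps=30):
        self.reserve_eth = reserve_eth
        self.reserve_token = reserve_token
        self.fee_bps = fee_bps

    def quote_token_out(self, eth_in):
        """Tokens returned for eth_in at the current reserves (integer math)."""
        eth_after_fee = eth_in * (10_000 - self.fee_bps)
        return (eth_after_fee * self.reserve_token) // (
            self.reserve_eth * 10_000 + eth_after_fee)

    def swap_eth_for_token(self, eth_in, min_token_out=0):
        """Settle the swap, or revert before touching reserves if below the minimum."""
        out = self.quote_token_out(eth_in)
        if out < min_token_out:
            raise SlippageExceeded(f"got {out}, need at least {min_token_out}")
        self.reserve_eth += eth_in
        self.reserve_token -= out
        return out

def min_out(expected_out, tolerance_bps):
    """Lowest acceptable output for a tolerance given in basis points."""
    return expected_out * (10_000 - tolerance_bps) // 10_000

def guarded_swap(pool, eth_in, expected_out, tolerance_bps=100):
    """Return (settled, amount); the trade settles only inside the tolerated range."""
    try:
        return True, pool.swap_eth_for_token(eth_in, min_out(expected_out, tolerance_bps))
    except SlippageExceeded:
        return False, 0

def distorted_pool():
    """Constructed scenario: one very large trade has already moved the price."""
    pool = Pool(1_000, 1_000_000)
    pool.swap_eth_for_token(5_000)
    return pool

def demo():
    expected = Pool(1_000, 1_000_000).quote_token_out(10)  # quote at the undistorted price
    unguarded = distorted_pool().swap_eth_for_token(10)     # no minimum: settles at any price
    guarded = guarded_swap(distorted_pool(), 10, expected)  # 1% tolerance: reverts
    return expected, unguarded, guarded
```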
While Jimbos Protocol had previously cautioned investors regarding the experimental nature of Jimbo V1, emphasising the absence of audits and the potential for unforeseen circumstances leading to the loss of invested funds, the release of Jimbo V2 aimed to address issues such as slippage and enhance overall security.
Consequently, it was positioned as a more reliable investment prospect for a short-lived period of three days.
During the extremely brief window between acquiring and repaying the loan, an attacker can exploit vulnerabilities within the DeFi platform or manipulate token prices, thus profiting from the difference while placing the burden on the lender.
This scenario has occurred multiple times, even in lending protocols that were well-secured and thoroughly audited. For the Jimbos Protocol incident, the attacker capitalised on a $5.9 million flash loan, manipulating the market to distort price ranges, subsequently trading back the tokens, and successfully fleeing with 4,090 ETH.
The DeFi platform remains dedicated to ensuring transparency and has emphasised its commitment to providing timely updates and further details concerning the incident.