Arbitrum-based Jimbos Protocol hacked for $7.5M, JIMBO price drops 40%

Arbitrum-based Jimbos Protocol hacked for $7.5M, JIMBO price drops 40%

By Benson Toti - min read
CoinStats temporarily shuts down, advises users to transfer their funds
  • The Jimbos Protocol team acknowledged the hack and said it had contacted law enforcement.
  • Blockchain security platform PeckShield noted the attack followed a compromise on Jimbos liquidity conversion mechanism.
  • The price of JIMBO, the underlying liquidity token, fell by 40% as the market reacted to the hacking news.

Arbitrum-based Jimbos Protocol was hacked on the morning of May 28, resulting in the loss of over 4,000 Ether (ETH), worth approximately $7.5 million at the time.

As a result of the hack, the price of the underlying token, Jimbo (JIMBO), has plummeted by 40%.

Another day, another hack

Malicious attacks within the cryptocurrency sector continue to be a blot on the growing industry, with attackers exploiting vulnerabilities to steal assets worth millions of dollars from platforms and users. The latest is an attack that exploited Jimbos’ liquidity conversion mechanism to see 4,090 ETH tokens stolen.

Jimbos Protocol is a relatively new protocol that was launched less than 20 days ago. The protocol aims to address liquidity and volatile token prices through a new testing approach. However, it looks like the protocol’s mechanism was not adequately secured, with the result being the vulnerability that was exploited by the hacker.

According to blockchain security and data firm PeckShield, the hacker was able to reverse swap orders for their own gain, resulting in the loss of funds.

The company tweeted its assessment following the unfortunate event:

This hack is due to the lack of slippage control of liquidity-shifting operation — such that the protocol-owned liquidity is invested into a skewed/imbalanced price range, which is exploited in reverse swap for profit.”

The Jimbos Protocol team announced it was “aware” of the attack and that they had contacted law enforcement and blockchain security professionals.

Earlier this month, as reported here, an attacker compromised the Tornado Cash protocol and stole 483,000 TORN tokens. They then moved to swap these tokens into ETH. The attacker managed their exploit by seizing control of the Tornado Cash governance system. 

TORN price fell 50% in reaction to the news.