Jimbo, a DeFi protocol, hacked for $7.5m in a slippage-related flaw
Jimbo, a decentralized finance (DeFi) protocol allowing users to earn interest on their digital assets, is the latest to suffer an attack resulting in the loss of 4,090 ethereum (ETH), worth $7.5 million, a Peckshield update on May 28 shows.
The protocol deployed on Arbitrum, an Ethereum layer-2 platform, approximately three weeks ago.
Jimbo Protocol hacked
The incident stemmed from a weakness that left the protocol's liquidity-shifting procedures without slippage control.
Slippage refers to the difference between the expected price of a transaction and the price at which it is executed. This variation may arise when market orders are utilized during high volatility, leading to significant price fluctuations.
The flaw in Jimbo was not slippage itself but the absence of control measures to minimize it. This allowed the liquidity owned by the protocol to be invested at inconsistent or distorted prices.
As such, hackers could manipulate liquidity and shift the balance of the price range in their favor through a reverse swap operation.
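A minimal sketch of the missing control described above, added here as an illustration and not taken from Jimbo's contracts. It assumes a fee-less constant-product pool, hypothetical function names and constructed numbers, and compares a liquidity move that accepts whatever price the pool shows with one that enforces a maximum slippage against an independently supplied expected amount.

```python
BPS = 10_000  # basis points in 100%


class SlippageExceeded(Exception):
    """Raised when execution would fall short of the tolerated minimum."""


def quote_out(reserve_in: int, reserve_out: int, amount_in: int) -> int:
    """Output of a fee-less constant-product (x*y=k) pool, integer math."""
    if min(reserve_in, reserve_out, amount_in) <= 0:
        raise ValueError("reserves and amount must be positive")
    return amount_in * reserve_out // (reserve_in + amount_in)


def slippage_bps(expected_out: int, actual_out: int) -> int:
    """Shortfall of the executed amount against the expected one, in bps."""
    if expected_out <= 0:
        raise ValueError("expected_out must be positive")
    return max(0, (expected_out - actual_out) * BPS // expected_out)


def shift_unguarded(reserve_in: int, reserve_out: int, amount_in: int) -> int:
    """No control: accepts whatever price the pool shows right now."""
    return quote_out(reserve_in, reserve_out, amount_in)


def shift_guarded(reserve_in, reserve_out, amount_in, expected_out, max_bps):
    """Reject the operation if it would execute more than max_bps below the
    amount expected from an independent reference price (assumed input)."""
    actual_out = quote_out(reserve_in, reserve_out, amount_in)
    min_out = expected_out * (BPS - max_bps) // BPS
    if actual_out < min_out:
        raise SlippageExceeded(
            f"{slippage_bps(expected_out, actual_out)} bps > {max_bps} bps")
    return actual_out


if __name__ == "__main__":
    # Constructed numbers: reference price 1,000 TOKEN per ETH, moving 10 ETH.
    expected = 10 * 1_000
    print(shift_guarded(1_000, 1_000_000, 10, expected, 150))  # normal pool
    print(shift_unguarded(2_000, 500_000, 10))                 # distorted pool
    try:
        shift_guarded(2_000, 500_000, 10, expected, 150)
    except SlippageExceeded as exc:
        print("rejected:", exc)
```

The tolerance (150 bps here) and the source of the expected amount are design choices; the guard only helps if the reference price cannot be moved by the same transaction that moves the pool.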
Jimbo’s team quickly acknowledged the incident on social media following the attack. They stated that they are collaborating closely with law enforcement and skilled cybersecurity professionals.
JIMBO, the Jimbo Protocol's native token, plunged 40% six hours after the breach.
Hack’s impact on crypto and ETH
According to data from CoinGecko, ethereum (ETH) currently trades at $1,844.82 with a 24-hour trading volume of $5,005,999,0046. Despite the hack, the markets have not yet shown any significant reaction.
This can be attributed to the increasing resistance of cryptocurrency markets to such breaches.
Investors might also consider the hack a problem unique to the Jimbo Protocol rather than a sign of broader market instability. The incident stands out as an attempt to take advantage of a flaw in a specific decentralized app (dapp) rather than an external hack targeting Ethereum’s core infrastructure.
As a protocol-specific hack, it demonstrates the importance of building strong slippage-control procedures into DeFi protocols so that price-manipulation attempts are rejected.