Arbitrum-based Jimbos has become the latest victim of hacking. According to the reports, they lost 4000 Ethereum (ETH) worth 7.5 million (approx). The hackers deployed a flash loan exploit on May 28 to execute this move. Blockchain analytics firm PeckShield was the first to divulge this news among the community. Right after the news was broadcast, the Jimbos’ native token took a fall.
From $0.31, it came down to $0.19. The month-old protocol became the latest prey for the miscreants carrying Defi hacks in recent months. It focused on volatility and liquidity while offering some basic solutions to crypto users. Apparently, some vulnerabilities in the code exposed the platform to such risks during liquidity conversions.
What Jilmbos has to say
Jimbos released a statement on the status quo soon after the incident. They said they are trying to resolve the issues with many on-chain analysts who helped in Euler Finance and Sentiment in the same scenario.
One of the leading on-chain investigators, Cryptogle, who helped Euler recover $200 million, said that they’ve taken hold of the situation already. They informed me that Euler Finance was swindled with the same hack, a flash loan exploit. However, the attacker returned all the tokens when the investigators found his real identity. He did it to avoid legal action from the firm.
Jimbos is hoping that something similar will happen to them. To make this happen, they’ve reached out to one of the most prominent on-chain analysts, Zachxbt. The protocol also informed that they’re ready to approach law enforcement agencies if their efforts don’t yield any results.
What caused the vulnerability?
Peckshield informed that the protocol didn’t make sufficient efforts to protect the liquidity conversions. This paved way for the easy execution of the flash loan. The loophole surfaced due to the liquidity being invested in a price range without equal values. It lets the hackers reverse swap their orders and get hold of a large quantity of Ethereum worth millions.
The initial investigation by PecShield disclosed that the attacker illicitly embezzled 4090 ETH. They also deployed Celer Network and Stargate to turn Arbitrum into Ethereum.