Amid the unfortunate trend of DeFi security breaches, the industry has suffered yet another massive attack, with the Arbitrum liquidity protocol Jimbos at the receiving end this time. According to preliminary reports, over 4,000 ETH worth over $7 million were stolen during the attack.
In reaction to the unfortunate incident, the protocol’s associated token, JIMBO, has plummeted dramatically, losing 40% of its value within six hours of the hack. This attack followed the recent Tornado Cash hijacking, highlighting the worrying trend of successful attacks on DeFi projects.
Hackers exploited Jimbos Protocol’s slippage control mechanism
The attackers exploited a vulnerability in the protocol’s slippage control mechanism, a flaw that let them use an imbalanced price range to manipulate the protocol and steal funds. Since Jimbos Protocol is only 20 days old, this attack marks the first security vulnerability discovered in its design, albeit at a significant cost.
Jimbos Protocol’s developers aimed to correct volatile token prices using an innovative method but obviously didn’t think too much about the security of their approach. Unfortunately, they and the rest of the community had to learn the hard way, losing millions of dollars to hackers in the process.
How it affects the community
Barely hours after the attack was made public, the JIMBO token dropped massively in value, the attack’s first significant impact on the community. Users who invested in the project have lost everything, as the hackers stole the entirety of the project’s reserve.
With the Tornado Cash incident and this breach, end users will likely start asking hard questions before trusting future DeFi projects. While attacks on DeFi projects have slowed over the years, they’re still unacceptably high, as nobody should have to lose their money to a hacker due to a platform vulnerability.
Future DeFi projects would also want to consider making security a core part of their projects and not simply an afterthought.