The Arbitrum-based Jimbos Protocol has been exploited for 4090 ETH, worth $7.5 million, three days after its version 2 launch.
PeckShield reported the hack was enabled by the protocol’s lack of control over slippage for the tokens under its control.
This hack is due to the lack of slippage control of liquidity-shifting operations — such that the protocol-owned liquidity is invested into a skewed/imbalanced price range, which is exploited in a reverse swap for profit.
The attacker used a $5.9 million flash loan to carry out the attack.
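A minimal model of the missing check described above, as an added example that is not Jimbos Protocol's code: a liquidity shift that re-deploys protocol-owned liquidity at whatever the spot price happens to be, next to the same operation with a slippage bound. The constant-product pool, the trusted reference price (for instance a time-weighted average), and all names and numbers are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

class SlippageExceeded(Exception):
    """Spot price is too far from the reference price to move liquidity safely."""

@dataclass
class Pool:
    """Constructed constant-product pool (token * eth = k); not the real AMM."""
    token: float
    eth: float

    def spot_price(self) -> float:
        return self.eth / self.token  # ETH per token

    def swap_eth_for_token(self, eth_in: float) -> float:
        k = self.token * self.eth
        self.eth += eth_in
        token_out = self.token - k / self.eth
        self.token -= token_out
        return token_out

def deviation_bps(spot: float, reference: float) -> float:
    """Distance between spot and reference price in basis points."""
    return abs(spot - reference) / reference * 10_000

def shift_liquidity(pool: Pool, reference: float, max_bps: Optional[float]) -> float:
    """Return the price around which protocol-owned liquidity gets re-deployed.

    max_bps=None models a shift with no slippage control: whatever the spot
    price is at call time becomes the new range. With max_bps set, the shift
    is refused when spot has moved too far from the reference price.
    """
    spot = pool.spot_price()
    if max_bps is not None and deviation_bps(spot, reference) > max_bps:
        raise SlippageExceeded(f"spot {spot:.4f} vs reference {reference:.4f}")
    return spot

def demo() -> dict:
    reference = 0.1                       # assumed trusted price (e.g. a TWAP)
    pool = Pool(token=1000.0, eth=100.0)  # constructed reserves, spot == reference
    balanced = shift_liquidity(pool, reference, max_bps=100)
    pool.swap_eth_for_token(100.0)        # one large trade skews the pool
    unguarded = shift_liquidity(pool, reference, max_bps=None)
    try:
        shift_liquidity(pool, reference, max_bps=100)
        guarded = "allowed"
    except SlippageExceeded:
        guarded = "rejected"
    return {"balanced": balanced, "unguarded": unguarded, "guarded": guarded}
```

In the constructed run, the unguarded shift anchors liquidity at four times the reference price, while the guarded call with a 100 basis point tolerance refuses to execute.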
“We are aware of the exploit regarding our protocol and are actively in contact with law enforcement and security professionals. We will release further information when possible,” Jimbos Protocol tweeted.
The Arbitrum-based Jimbos Protocol was initially launched on May 16. But shortly after its launch, a smart contract bug stopped the protocol from working. Users were told not to interact with version 1 and to wait for version 2.
The token’s price has fallen 25% from $0.25 to $0.15 after the hack of version 2.
The DeFi protocol aimed to address liquidity and volatile token prices through a new testing approach. But it seems that the protocol’s mechanism was inadequate, which created favorable conditions for attackers.