Jimbos Protocol Hacked for $7.5 Million in Ethereum Using Flash Loan Exploit

An arbitrum-based protocol, Jimbos, lost over $7.5 million in ETH to a flash loan exploit. Leading blockchain analytics firm PeckShield spotted the exploit and contacted Jimbos about it.

According to the report, the hackers carted away 4,090 ETH from the protocol. News of the exploit adversely affected Jimbos native token, plunging it by approximately 100% from $0.31 to $0.00, according to Tradejoexyz data.

How The Hackers Carried Out Jimbos Exploitation

Jimbos is a DeFi protocol launched on May 16, allowing users to earn interest on their crypto assets. 

Shortly after its launch, the protocol experienced a Smart Contract bug that stopped it from working as expected. Immediately, the team suspended users from interacting with version 1 and waiting for 2. This exploit happened on the Jimbos version 2, which users were advised to use. 

According to PeckShield, the incident makes Jimbos, the latest DeFi protocol, suffer hack exploitation due to a lack of spillage control of liquidity. 

The security firm disclosed that the hackers exploited a code vulnerability to execute a flash loan, allowing them to borrow tokens and repay instantly, leaving a skewed price range. Afterward, they leveraged the imbalanced price range to reverse swap tokens for profit.

PeckShield also revealed that the hackers first stole 4,090 ETH from Jimbos and bridged it for 4,048 ETH from Arbitrum to Ethereum using Stargate and Celer Network.

Jimbos Moves To Retrieve Lost Funds

In a tweet, Jimbos protocol said it has reached out to multiple security firms and on-chain analysts who had helped resolve the Sentiment and Euler Finance hacks. One of the on-chain sleuths, Cryptogle, who helped Euler to recover $200 million, confirmed Jimbos’ update. 

He said: “The kitchen is about to get hot for the hackers if they don’t send most of the funds back ASAP.” 

It is worth noting that Euler Finance lost millions of dollars in assets in a flash loan exploit in March 2023.  However, the hacker returned virtually all stolen funds while trying to evade legal actions after on-chain sleuths uncovered his real identity.

In Jumbos’ case, the protocol has contacted these investigators and hopes to achieve similar results as Euler. The team noted that it is working with law enforcement agencies to resolve the issue.

The Jimbos exploitation is just one of many DeFi exploits over the past few months. According to PeckShield’s report, hackers have stolen $93.4 million from 41 crypto exploits in 2023, with more than one exploit daily.