- Hackers exploit the vulnerabilities of the Jimbo protocol, causing a loss of $7.5 million.
- Activity on Trader Joe had a big impact, but there was no impact on JOE’s price.
On May 28, crypto security firm PeckShield announced that they suspected suspicious activity on the Jimbo protocol. Jimbo is a DeFi liquidity protocol with its own native token, JIMBO, which was launched via TraderJoe [JOE].
Hi @jimbosprotocol you might want to take a look: https://t.co/ayOYcMnHXJ
—PeckShield Inc. (@peckshield) May 28, 2023
Is your wallet green? Check out the Joe Profit Calculator
Poor skid control and its consequences
After further investigation, PeckShield reported that the hack led to the loss of 4090 Ether [ETH], worth approximately $7.5 million. The security breach resulted from inadequate slippage control in the liquidity-shifting operation, leading to the allocation of protocol-owned liquidity in a price range that was skewed or imbalanced.
Seems like today @jimbosprotocol hack leads to the loss of 4090 ETH (by ~$7.5 million).
This hack is due to the lack of slip control of the liquidity-shifting operation – so that the liquidity owned by the protocol is invested in a skewed/unbalanced price range, which is exploited in… https://t.co/wnQAeksojz pic.twitter.com/TPlqNlvnZD
—PeckShield Inc. (@peckshield) May 28, 2023
For context, slippage control refers to a mechanism or function that helps control price slippage during trading or liquidity operations. Price slippage occurs when there is a discrepancy between an asset’s expected price and its actual price. In the context of liquidity-shifting operations, slippage control aims to minimize the impact of large transactions or shifts in liquidity on the price of the asset.
This vulnerability was then exploited through a reverse swap mechanism, allowing the attackers to generate profit from the manipulated price movements.
A reverse swap mechanism, also known as a “flash loan attack”, is a type of exploit where an attacker borrows a large amount of assets (usually through a flash loan) and manipulates the market in their favor. The attacker executes a series of trades or transactions that intentionally affect the price or liquidity of certain assets, creating an opportunity for profit.
Once the manipulation is successful and the desired result is achieved, the attacker pays back the borrowed assets, usually within the same transaction, leaving the profit and no net risk.
Source: PeckShield
Holders left to deal with JOE
Due to the events that took place, the price of JIMBO fell by 40%, negatively impacting token holders.
#PeckShieldAlert $JIMBO has decreased -40%https://t.co/fXZPG27zdM pic.twitter.com/zMPs75jUtK
— PeckShieldAlert (@PeckShieldAlert) May 28, 2023
Realistic or not, here is ARB’s market cap in terms of BTC
TraderJoe, a DEX protocol launched on Arbitrum [ARB] and avalanche [AVAX] was used to make JIMBO. At the time of writing, the daily activity on TraderJoe and the revenue generated by the protocol dropped significantly over the past 24 hours.
Source: Token Terminal
In recent months, the price of the ARB and JOE tokens has dropped significantly since last month. However, there has been little impact on the prices of either token over the past 24 hours.
Source: Sentiment