Jimbos Protocol, an Arbitrum-based decentralized finance (DeFi) project, has experienced a significant setback as it fell victim to a flash loan attack resulting in the loss of over 4000 ETH tokens valued at more than $7.5 million.
The attack took place just three days after the launch of the platform’s V2 protocol, catching many investors off guard. The jimbo token, which had a semi-stable floor price backed by assets, suffered a rapid price collapse following the breach.
The company promptly disclosed the attack on Twitter and has taken immediate action by notifying law enforcement and engaging security professionals to address the situation. It is working to remediate the vulnerabilities and prevent similar incidents in the future.
Unfortunately, the price of the jimbo token plummeted from $0.238 to a meager $0.0001 in the aftermath of the attack.
Experts from PeckShield, a blockchain security firm, determined that the flash loan attack against Jimbos Protocol exploited a lack of slippage control on the platform. Flash loans involve borrowers borrowing a significant amount of tokens and repaying them in the same transaction.
By manipulating the token’s price during the short window between receiving and repaying the loan, the attacker managed to keep the difference, resulting in the theft of 4,090 ETH tokens.
Jimbos Protocol, which had cautioned investors about the experimental nature of its V1 protocol, aimed to rectify security issues with the V2 release. However, the flash loan attack has put the platform in a difficult position.
In an attempt to recover some of the stolen funds, the company has sent an on-chain message to the perpetrators, offering to forgo legal action if they return 90% of the stolen funds.
