Altcoin

Trader Joe: Jimbo protocol attacked, are your holdings safe

Jimbo protocol gets hacked by attackers. JIMBO token declines by 40%, impacting token holders and protocol users alike.

Published

on

  • Hackers exploit Jimbo protocol’s vulnerabilities, causing a loss of $7.5 million.
  • Activity on Trader Joe severely impacted, however, there was no impact on the price of JOE.

On 28 May, crypto security firm PeckShield announced that they suspected suspicious activity on the Jimbo protocol. Jimbo is a DeFi liquidity protocol that has its own native token, JIMBO, which was launched through TraderJoe [JOE].


Is your portfolio green? Check out the Joe Profit Calculator


Poor slippage control and its impacts

After further investigation, PeckShield reported that the hack led to the loss of 4090 Ether [ETH], worth around $7.5M. The security breach resulted from inadequate slippage control in the liquidity-shifting operation, leading to the allocation of the protocol’s owned liquidity into a price range that exhibited skewness or imbalance.

For context, slippage control refers to a mechanism or feature that helps manage price slippage during trading or liquidity operations. Price slippage occurs when there is a discrepancy between the expected price of an asset and the actual executed price. In the context of liquidity-shifting operations, slippage control aims to minimize the impact of large trades or shifts in liquidity on the asset’s price.

This vulnerability was then exploited through a reverse swap mechanism, which enabled the attackers to generate profits from the manipulated price movements.

A reverse swap mechanism, also known as a “flash loan attack,” is a type of exploit where an attacker borrows a large sum of assets (typically through a flash loan) and manipulates the market to their advantage. The attacker executes a series of trades or transactions that intentionally impact the price or liquidity of certain assets, creating an opportunity for profit.

Once the manipulation is successful and the desired outcome is achieved, the attacker repays the borrowed assets, typically within the same transaction, leaving them with the profit and no net exposure to risk.

Source: PeckShield

Holders left to deal with JOE

Due to the events that unfolded, the price of JIMBO fell by 40%, impacting token holders negatively.


Realistic or not, here’s ARB’s market cap in BTC’s terms


TraderJoe, a DEX protocol launched on Arbitrum [ARB] and Avalanche [AVAX] was used to create JIMBO. At press time, the daily activity on TraderJoe and the revenue generated by the protocol declined significantly over the last 24 hours.

Source: Token Terminal

Over the last few months, the price of the ARB and JOE tokens has declined materially since last month. However, there has been little impact on either of the token’s prices over the last 24 hours.

Source: Santiment