Jimbos Protocol Suffers an Exploit due to lack of controls, losing $7.5 Million US
Take action: Sometimes an organization will lose money because of insufficient controls. But it may not be a direct cybersecurity issue, since the actor profiting from the lack of controls simply used the protocol as it is designed. That's why we don't claim spammers are criminals - they are simply using email as it was designed - without controls. It's good to think about controls in a broader context and all the time.
Jimbos Protocol, a decentralized finance (DeFi) protocol, suffered an exploit of its transactions that resulted in the loss of 4090 ETH (approximately $7.5 million US).
The exploit occurred due to the absence of slippage control during a liquidity-shifting operation, which allowed hackers to exploit imbalanced price ranges and execute a reverse swap for their own gain. In the simplest terms, the hackers took advantage of a situation where they could trade a specific cryptocurrency (let's call it Coin X) for another cryptocurrency (Coin Y) at an imbalanced price. Normally, people would trade Coin Y for Coin X and Coin X for Coin Y at zero gain, but the hackers found that the price in one direction was different from the price in the other direction. This allowed them to make a profit at the expense of the protocol and its users.
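As an added illustration (not code from Jimbos Protocol or from the original article), the sketch below shows what a slippage control on a protocol-initiated trade looks like: the operation is rejected when the pool would pay less than a tolerance around a reference price. It assumes a fee-free constant-product pool of Coin X and Coin Y, and the names `Pool`, `protocol_sell` and `max_slippage_bps` are hypothetical; the reserve figures are constructed.

```python
from dataclasses import dataclass
from typing import Optional


class SlippageExceeded(Exception):
    """The pool would pay less than the caller's minimum acceptable output."""


@dataclass
class Pool:
    """Toy fee-free constant-product pool (x * y = k); an assumed model."""
    x: float  # reserve of Coin X
    y: float  # reserve of Coin Y

    def quote_sell_x(self, dx: float) -> float:
        """Coin Y paid out for dx of Coin X at the current reserves."""
        return self.y - (self.x * self.y) / (self.x + dx)

    def sell_x(self, dx: float, min_out: float = 0.0) -> float:
        """Sell dx of Coin X; abort before any state change if out < min_out."""
        out = self.quote_sell_x(dx)
        if out < min_out:
            raise SlippageExceeded(f"would receive {out:.4f}, minimum {min_out:.4f}")
        self.x += dx
        self.y -= out
        return out


def protocol_sell(pool: Pool, dx: float, reference_price: float,
                  max_slippage_bps: Optional[int] = None) -> float:
    """Protocol-initiated sale of dx Coin X (hypothetical operation).

    reference_price is Coin Y per Coin X from a source other than the pool's
    current reserves. max_slippage_bps=None models the missing control: the
    operation accepts whatever the pool pays at that moment.
    """
    if max_slippage_bps is None:
        return pool.sell_x(dx)
    min_out = dx * reference_price * (1 - max_slippage_bps / 10_000)
    return pool.sell_x(dx, min_out=min_out)


if __name__ == "__main__":
    # Constructed reserves: a balanced pool and one whose price is far off 1.0.
    print(protocol_sell(Pool(1000, 1000), 10, 1.0, max_slippage_bps=200))
    print(protocol_sell(Pool(2000, 500), 10, 1.0))  # no control: accepts bad price
    try:
        protocol_sell(Pool(2000, 500), 10, 1.0, max_slippage_bps=200)
    except SlippageExceeded as exc:
        print("rejected:", exc)
```

With the control in place, the operation on the imbalanced pool fails before reserves change, so the protocol's funds never trade at the off-reference price.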
The protocol has acknowledged the incident, is collaborating with law enforcement agencies and security professionals, and has committed to providing regular updates on the situation.
From a purely information security perspective, this event may not be a breach. The absence of a control in the transaction may be argued to be an oversight by the designer of the protocol, which the traders then used for their benefit. The situation is not unlike arbitrage on the price difference of a cryptocurrency between exchanges, where traders find a good deal on a currency on one exchange and then sell that currency for a higher price on another exchange.