Security News > 2023 > May > Flash loan attack on Jimbos Protocol steals over $7.5 million
Jimbos Protocol, an Arbitrum-based DeFi project, has suffered a flash loan attack that resulted in the loss of more than of 4000 ETH tokens, currently valued at over $7,500,000.
According to blockchain security experts at PeckShield, Jimbos Protocol was the victim of a flash loan attack that leveraged the lack of slippage control on the platform.
A notable recent example is the flash loan attack that hit Euler Finance, resulting in a massive loss of $197 million.
In the case of Jimbos Protocol, the attacker took a $5.9 million flash loan, manipulated the market to skew the price range, traded back the tokens, and escaped with 4,090 ETH. Slippage control is a measure that restricts token price changes to ensure that their fluctuation stays within an acceptable range from the time of initiating a trade to its completion, in this case, a flash loan.
Jimbo Protocol had warned investors about the "Experimental" nature of Jimbo V1, saying that "The contracts are unaudited and any amount of money you put into this protocol can be lost due to unforeseen circumstances at any time."
The incident has placed Jimbos Protocol in a predicament, and the platform has sent an on-chain message to the perpetrators asking them to return 90% of the stolen funds in exchange for the promise not to initiate legal proceedings against them.