Arbitrum Based Jimbos Protocol Scurries for Revival After $7M Exploit

Version 2 of Jimbos protocol was attacked over the weekend for $7.3 million, just days after going live.

AccessTimeIconMay 29, 2023 at 4:46 a.m. UTC
Updated May 29, 2023 at 6:33 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

Developers behind the Arbitrum-based Jimbos Protocol are gauging the best way for the project to move forward after its version 2 (V2) faced a $7.5 million exploit over the weekend.

Jimbos said it was working with security researchers to reclaim lost funds – the same people who’ve previously helped Euler Finance recover over $200 million – and added that they would contact law enforcement by 4 P.M. UTC on Monday if the attacker failed to return the money.

Jimbos lost 4,090 ether (ETH) late on Saturday, which security analysts blamed on the lack of slippage control in the main contract. This allowed the yet-unidentified attackers to take out a $5.9 million flash loan, manipulate the prices of jimbo (JIMBO), and walk out with treasury funds.

The protocol planned to issue a semi-stable token backed by a basket of crypto tokens, alluring traders to this concept as similar projects have seen brief success.

Flash loans are a popular way for attackers to gain funds to conduct exploits on decentralized finance (DeFi) systems. The loans allow traders to borrow unsecured funds from lenders using smart contracts instead of third parties.

These do not require any collateral because the contract considers the transaction complete only when the borrower repays the lender – meaning a borrower defaulting on a flash loan would cause the smart contract to cancel the transaction, and the money would be returned to the lender.

Meanwhile, JIMBO, its token, traded at nearly 18 cents on Monday, slightly recovering in Asian morning hours as developers floated their protective plans.

Edited by Sam Reynolds.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.

Read more about