In an unexpected turn of events, the team behind the compromised decentralized finance (DeFi) app Jimbos Protocol has issued a proposition to the hacker responsible for the security breach: Retain a tenth of the purloined funds and relinquish the rest, or be prepared for a legal pursuit. The team has demonstrated unyielding determination to bring the cyber assailant to justice, a sentiment expressed in a post dated May 28 on the Ethereum network.
After failing to secure a response, the team sent a follow-up message that same night, reinforcing their demand and signaling their intent to involve legal authorities should the funds remain unreturned. Jimbos Protocol identifies as a "responsive high-density liquidity protocol." It tries to maintain the value of its JIMBO token above a predetermined minimum by collecting Ether (ETH) in the protocol's treasury to bolster the token's price.
The protocol fell prey to a flash loan attack on May 28, with the intruder stealing $7.5 million from the treasury's liquidity pool. Numen Cyber Labs, in its assessment of the attack, pointed to a loophole in the JimboController contract that permitted anyone to call the shift() function and inject liquidity into the pool. The hacker used this to tamper with the JIMBO token's sell-off price during withdrawal, effectively depleting the pool of $7.5 million worth of ETH.
DeFi cyberattacks are not a rare occurrence in the blockchain and Web3 universe. However, there is often a silver lining for users, as hackers sometimes agree to return the bulk of the stolen funds after discussions with the development teams. Euler Finance, a notable case, lost approximately $200 million to a hacker on March 13, marking the largest attack of the year. However, the culprit returned almost all the funds. Sentiment, a liquidity protocol, suffered a similar attack on April 4, but 85% of the stolen assets were returned two days later.
According to the Jimbos Protocol team, they work alongside the same security experts and analysts who worked on the aforementioned incidents.