The team behind Jimbos Protocol has decided to stop waiting for the hacker and turn to law enforcement agencies for help with the May 28 exploit that led to the loss of nearly $7.5 million worth of cryptocurrency.
Read also: Hacker exposes El Dorado Exchange price scam
Right after the exploit, the Jimbos Protocol team hoped the attacker would "voluntarily cooperate" after the team tweeted about a 10% bug bounty worth $800,000 and promised not to take legal actions if the hacker returned the remaining 90% of the loot.
On May 31, the team posted a reminder for the hacker on Twitter, saying, "The door remains open for the hacker to return the funds until they are arrested, at which point the offer will be rescinded. Because then, we will be getting 100% of the funds back and they will go to prison. We will be accepting any information at email@example.com."
Interestingly, this post was published almost simultaneously with another one that also appeared on Twitter at 4:24 pm. In that tweet, Jimbos Protocol already stated that the team recognized the lack of communication with the hacker as their unwillingness to cooperate and therefore will now take legal action.
"We have started working with various law enforcement agencies - we have opened a case with the NY branch of the Department of Homeland Security and are currently opening cases in other jurisdictions. The NY branch is the center of blockchain cybercrime investigations," Jimbos Protocol tweeted, adding that the NY Department of Homeland Security has been quite successful in arresting many DeFi exploiters.
"To the attacker: We warned you. We'd prefer giving you the bounty so we can focus on our protocol. Instead, we will deal with law enforcement to find you," Jimbos Protocol added.
Now the team is ready to reward anyone who can provide information about the attacker.
"In order to speed up the investigation and return of funds, we're offering the 10% bounty ($800,000) to the general public. Anyone who provides information that leads to: 1) catching the exploiter, or 2) all funds being returned, is eligible for the reward," the team promised.
Several cybersecurity firms have analyzed the Jimbo Protocol attack in depth. According to Numen Cyber Labs' blog post, the exploit started with the initiation of a flash loan by borrowing 10,000 ETH from Jimbos Protocol as the initial capital.
"Subsequently, the attacker exchanged the borrowed ETH for a substantial amount of Jimbo funds through the [ETH -Jimbo] trading pair, causing a surge in the current price of Jimbo," the post states. Subsequently, 100 JIMBO tokens were transferred to the JimboController contract, and the exploiter started manipulating the liquidity pool by calling the shift() function of the JimboController.
According to Numen Cyber Labs, "the attacker converted the acquired JIMBO tokens back into ETH, and repaid the flash loan, thereby exiting the exploit with substantial profits." The cybersecurity firm’s experts believe that the vulnerability in the JimboController contract enabled the manipulation of the liquidity pool. The imbalance between the prices of JIMBO and WETH allowed the exploiter "to acquire a larger amount of WETH and maximize their gains."