Jimbos Protocol
Summary
Jimbos Protocol was an Arbitrum-based DeFi liquidity protocol designed to provide a semi-stable floor price for its native JIMBO token. On May 28, 2023, just three days after launching its V2, the protocol was exploited via a flash loan attack that drained approximately 4,090 ETH (~$7.5 million) by exploiting a lack of slippage control in the JimboController contract. The attacker rejected a $800,000 bounty offer, laundered the full amount through Tornado Cash, and remains unidentified; no funds have been recovered.
Connected Entities
1 entitiesTimeline(8 events)
2023-05-28
Attacker exploits lack of slippage control in JimboController shift() function via flash loan, draining 4,090 ETH (~$7.5M). JIMBO token drops ~40%.
The Register2023-05-28
Stolen ETH bridged from Arbitrum to Ethereum mainnet via Stargate and Celer Network
Halborn Security2023-05-28
Jimbos Protocol team sends on-chain message to attacker offering to let them keep 10% if 90% is returned
CryptoPotato2023-05-31
Jimbos Protocol opens case with U.S. Department of Homeland Security (New York branch) and additional jurisdictions
CoinDesk2023-06-01
Jimbos Protocol announces $800,000 public bounty for information identifying the exploiter after hacker ignores private deal
CoinTelegraph2023-09-01
PeckShield reports that all $7.5M in stolen funds has been laundered through Tornado Cash; attacker remains unidentified
CoinPaperDecision Log
- hash: Z5HQcuvn7ayx2Ynb3de1WMX1eW98xvyipbgYfSizFCC
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 5/4/2026, 2:54:41 AM
last updated: 5/28/2026, 3:33:58 PM
avoid.net — verified advice for a post-truth world