Both the Ethereum network and the protocol’s official Twitter account were updated with the deal.
Jimbos Protocol’s developers have made the app’s exploiter an offer. Jimbos Protocol is a decentralized finance (DeFi) program. The team suggested a bargain in a tweet shared on the Ethereum network on May 28th, the exploiter could keep 10% of the money they had stolen and restore the other 90%, or they would face legal action. The group declared their intention to continue legal action up until the perpetrator is apprehended and put in jail.
This declaration demonstrates the team’s adamant opposition to the exploit and its determination to retrieve the majority of the money. If the exploiter does not cooperate and repay the agreed-upon percentage of the funds, they are ready to pursue legal action.
On May 28 at 7:25 am UTC, the team posted a message to the Ethereum network stating that the attacker would not be prosecuted if 90% of the funds are returned.
The team issued another message at 7:07 p.m. after seemingly not receiving a response, giving the attacker until “tomorrow by 4PM UTC” to refund 90% of the funds and threatening to “start working with law enforcement agencies” if the monies were not returned.
This second message was also posted to the protocol’s official Twitter account.
The team tweeted on May 29th, after the deadline had passed, that they had “identified promising leads, and one in particular” that could help Jimbos find the assailant. The team stressed that their goal was to hold the offender accountable, not to endanger anyone’s lives, and that if the assailant didn’t comply, they would carry out their threat to call the police.
Flash Loan Attack on Jimbos Protocol
According to its website, Jimbos Protocol is a “reactive concentrated liquidity protocol” intended to keep the price of its JIMBO token above a certain floor price. To do this, the protocol builds up Ether in its treasury and uses it to support the token’s price.
A flash loan attack on the protocol on May 28th led to an exploiter taking $7.5 million from its treasury-owned liquidity pool. By taking advantage of a weakness in the JimboController contract, the attacker was able to manipulate the JIMBO token’s selling price and remove $7.5 million worth of ether from the pool.
The team’s response to the assault includes a promise to track down the perpetrator and take the necessary countermeasures. The team made a deal with the exploiter, promising to keep 10% of the money in exchange for returning the other 90%, but they also made it clear that they were prepared to take legal action if necessary and promised to keep fighting until the attacker was brought to justice.
Related: DOJ Pursues DeFi Hackers and Thieves