The team behind exploited decentralized finance (DeFi) app Jimbos Protocol has offered a deal to the app’s exploiter: Keep 10% of the funds and return the other 90%, or face prosecution. Otherwise, the team “won’t stop” until the attacker is “behind bars.” The proposed deal was disclosed in a May 28 tweet by the Jimbos team and posted to the Ethereum network.
To the attacker: keep a fast $800k payday, and live to tell the tale. We won’t pursue you if you send back the 90%. But if you don’t, we won’t stop until you’re behind bars.
You can open communications with us at [email protected]
— Jimbos Protocol (v2, soon) (@jimbosprotocol) May 29, 2023
On May 28 at 7:25 am UTC, the team posted a message to the Ethereum network stating that the attacker would not be prosecuted if 90% of the funds are returned.
After apparently not getting a response, the team posted another message at 7:07 pm, giving the attacker a deadline of “tomorrow by 4PM UTC” to return 90% of the funds and warned that the team would “start working with law enforcement agencies” if the funds were not returned.
This second message was also posted to the protocol’s official Twitter account.
On May 29, after the deadline passed, the team announced on Twitter that it had “identified promising leads, and one in particular” that may allow Jimbos to identify the attacker. The team warned the attacker that “we don’t want anyone’s lives ruined, but given no choice, we will do what we say,” implying the protocol would follow through with its threat to go to the police if the attacker didn’t comply.
Related: How the IRS seized $10B worth of crypto using blockchain analytics
Jimbos describes itself as a “reactive concentrated liquidity protocol.” It attempts to keep the price of its token, JIMBO, above a set floor price by accumulating Ether (ETH) in the protocol’s treasury and using it to defend the token’s price.
On May 28, the protocol became the victim of a flash loan attack, as an exploiter drained $7.5 million from its treasury-owned liquidity pool. According to an analysis from Numen Cyber Labs, the attacker took advantage of a flaw in the JimboController contract that allowed anyone to call the shift() function and add liquidity to the pool. This allowed the exploiter to manipulate the selling price of the JIMBO token when cashing out, draining $7.5 million worth of Ether from the pool in the process.
DeFi exploits are a common problem in the Web3 ecosystem. But luckily for users, the exploiters sometimes return most of the funds after negotiating with development teams. On March 13, Euler Finance was hacked for over $195 million, the largest attack of 2023 so far. But the attacker subsequently returned nearly all the funds. Liquidity protocol Sentiment was similarly exploited on April 4, but the attacker returned 85% of the exploited funds on April 6.
The Jimbos Protocol team claims to be working with the same “security researchers and on-chain analysts” that investigated these previous two incidents.