Understanding Jimbos Protocol Exploit
Learn how the Jimbos Protocol was exploited, resulting in a loss of funds worth approx 4048 ETH.
Playing the video that you've selected below in an iframe
Helio protocol, a liquidity protocol suffered an Oracle failure resulting the loss of approx $15.5M.
On December 02, 2022, the dumping of massive amount of aBNBc tokens on decentralized exchange opened the door for another exploit in which Helio Protocol was attacked and profited the attacker by approximately $15.5 million.
Helio Protocol is an open-source liquidity protocol built on the BNB Chain that allows users to borrow and earn yield on the destablecoin $HAY.
The root cause of the vulnerability is due to the failure of oracle in updating the price of the associated tokens after they had crashed to a significantly lower value than they earlier trading price.
Changpeng Zhao, CEO of Binance also tweeted that the Binance exchange had frozen around $3 million of the funds that the hackers had moved to their CEX during this process.
The stablecoin $HAY de-pegged following the incident and fell to a low of roughly $0.21.
In a statement, the team explained that they were collaborating with Ankr Protocol to resolve the issue and that they had proposed a bilateral arrangement in which Ankr would pay for Helio's bad debt as a result of this exploit.
Additionally, in order to aid with the re-peg of $HAY, Ankr would be purchasing any extra $HAY that is produced as a result of the discounted $aBNBc and send it to a burn address.
There is no silver bullet when it comes to price oracles. However, oracles like ChainLink can help to prevent such attacks to a great degree.
Because this is an oracle price manipulation attack, the effect of this attack could have been considerably reduced if the Helio Protocol had a dedicated cover pool in the Neptune Mutual marketplace. We normally do not provide oracle attack coverage, but we can make an exception in some cases.
Users who acquire our parametric cover policies are not required to present loss evidence in order to receive payouts. The payouts can be claimed as soon as an incident like this is resolved via our governance system.
Furthermore, please keep in mind that just auditing smart contracts alone for vulnerabilities is insufficient. Neptune Mutual's security team can evaluate your preferred protocol for DNS and web-based security, smart contract evaluations, and frontend and backend security.