1. This crypto-coin is called Jimbo. 2. $8m was stolen from its devs in flash loan attack

Just days after releasing the second – and supposedly more stable and secure – version of its decentralized finance (DeFi) app, Jimbos Protocol over the weekend was hit by attackers who stole 4,090 ETH tokens from the project worth about $7.5 million. The developers behind the Arbitrum-based app were the apparent victims …

  1. Sorry that handle is already taken. Silver badge
    Trollface

    It's not a "hack"

    Crypto goons keep telling us "code is law". Well, the code allowed this. Nothing that happened here was against the system's rules.

    And now they want to go crying to the jackbooted statist thugs. I thought all of this nonsense is supposed to evade the authorities (it never does, they're just dumb enough to think it does).

    Thanks for the entertainment, Jimbo!

    1. Dr Dan Holdsworth
      Pirate

      Re: It's not a "hack"

      If they're going with the "Code is law" stance and their code permitted these actions, then the attacker may well be working on the same basis. If they claim that code is law and whatever the code permits is legal then the attacker might very well argue that whilst it might be seen as an abuse of their system, it was a completely legal action and thanks for the extremely easy profit.

    2. tmTM

      Re: It's not a "hack"

      All the attacker needs to do is sit on the coins and wait for these idiots to go bust, then launder the proceeds.

      Unless they were silly enough to be doing this under their own name/IP address. Then the offer of $800K is extremely enticing.

    3. Sorry that handle is already taken. Silver badge
      Facepalm

      Re: It's not a "hack"

      Also apologies to the cryptographers. We should reject "crypto" as an abbreviation of "cryptocurrency" and just use the whole word.

      Arguably "cryptocurrency" is an awful malapropism all of its own.

    4. simonlb Silver badge

      Re: It's not a "hack"

      The miscreants then exploited a vulnerability in the JimboController contract

      Semantically, how is this any different to someone using a tax loophole to avoid paying tax?

      1. Doctor Syntax Silver badge

        Re: It's not a "hack"

        Tax avoidance is legal, tax evasion isn't. So, yes, if the alleged hack is legal then it is semantically equivalent.


  2. Kevin McMurtrie Silver badge
    FAIL

    Con-currency

    This seems to be basic science and physics that was missed: Any negative feedback loop with a time delay may be unstable without feedforward compensation and/or input filtering. In most cases it's too much change over time that causes instability. Buggy software can take it a step further by allowing concurrency to push the delta/time ratio to nearly infinity.

    1. Sceptic Tank Silver badge
      Coat

      Re: Con-currency

      That is precisely what I thought.

      Where's Paris Hilton when you need an icon?

      (Icon picture, I mean)

    2. Doctor Syntax Silver badge

      Re: Con-currency

      Please don't go into crypto-currency land waving reality about like that. You won't be welcome, or, more likely, you won't even be understood.

  3. Anonymous Coward
    Anonymous Coward

    Police pretending

    To investigate a pretend currency.

    We will all pretend to be concerned.

    1. David 132 Silver badge
  4. Dinanziame Silver badge
    WTF?

    I'm confused

    I'm not sure what happened that was illegal here? It appears that these people have set their own algorithms to buy and sell their own token, unsupervised, at variable prices. Somebody came up with a better algorithm to do the same thing and made a mint. What's the crime? It's like having a good day on the stock market.

    1. Doctor Syntax Silver badge
      Unhappy

      Re: I'm confused

      But, but, but .... It's so UNFAIR.

  5. Anonymous Coward
    Anonymous Coward

    Kleptocurrency working as designed?

    Oh, no, the magic beans are gone!

  6. LybsterRoy Silver badge

    I know I'm old and past it (72) but is it only me, or does the article read like gibberish? I made more sense out of the one on the Higgs-Boson and my physics days are further behind me (think school) than my computing ones.

    1. emfiliane

      It's not just you; most cryptobro and especially DeFi jargon is extra dense to cover for the fact that most of it is smoke and mirrors, and the part that's not is mostly just a harder way to do something we already did just fine. The more they can baffle you with bullshit, the easier they can pick your pocket.

      1. r-d

        Ah, the age-old refrain about anything related to cryptocurrencies: “It can’t be that stupid, you must be explaining it wrong.”

      2. Doctor Syntax Silver badge

        "The more they can baffle you with bullshit, the easier they can pick your pocket."

        Or in this case, baffle themselves.

      3. Benegesserict Cumbersomberbatch Silver badge

        DeFi: finance so decentralised that no one knows where it went.

    2. Sorry that handle is already taken. Silver badge

      You're not going mad. High energy physics makes far more sense than... whatever this nonsense is.

      As a scam, it is inscrutable by design.

    3. Michael Wojcik Silver badge

      It's not really terribly complicated; it's just that because there are so many flavors of exploits against DeFi, each story tends to be packed with technical details that aren't actually important if you don't care about them. Basically:

      1. Someone borrowed a bunch of (notional) money

      2. They bought a bunch of X

      3. That drove the price of X up

      4. They sold the X back at the inflated price. Here there was some fiddling with a vulnerability in the system to permit this action.

      5. They paid back the loan from step 1 and kept the rest as profit

      The only subtleties are in the fiddly bits of step 4, and the fact that all five steps are completed in a very short period of time.

  7. Potemkine! Silver badge

    Outscammed

    ROTFLMAO

  8. Critical

    Police are looking into several insiders as potential suspects, including Tommy Tow-Truck and Sammy Steps.

    When will people grow up and accept that the consequence of bad engineering is that bad things will happen?

  9. ComicalEngineer

    I have some shares for sale in an unbeatable South Sea Island investment.

    And Tulips, lots of tulips.

    1. James Anderson

      No buy shares in my Beefsteak Mine -- much kinder to the environment.

    2. Hans Neeson-Bumpsadese Silver badge

      I might take you up on that offer because, you know, the more I hear about this crypto currency thing the dodgier it sounds

  10. tiggity Silver badge

    Interested in whether it's illegal

    Flash loans a known potential issue in DeFi (there's even academic papers on it FFS!) - and these methods have been around for ages (the article even refers to similar attacks)

    So no excuses for not implementing methods to deal with this.

    I know in normal stocks "pumping" to inflate stock price is illegal in various ways e.g. "talking up" a stock etc. As (obviously - there's easy cash to be made) it's been a scam since the early days of stock markets.

    But no idea what regulations apply to "crypto cash" and whether this is illegal, especially as Flash Loan functionality was deliberately built in as a "feature". Indeed in "normal" financial trading utilising changes in the relative value of assets is a common feature of financial markets & plenty of high speed connections and computing "grunt" utilised to get an edge in financial trades perfectly legally by the big financial companies.

    1. DJO Silver badge

      Re: Interested in whether it's illegal

      But no idea what regulations apply to "crypto cash"

      None, by design - the whole point of crypto-currencies is to circumvent regulatory oversight. It's basically an easy way to launder money and to rip off rubes.

      It's only when the inevitable happens and the people who created the scheme get ripped off themselves do they want some form of regulation. Not even sure if any laws were broken here, they bought cheap and sold dear, it's very similar in principle to "shorting" which is an accepted and legal fiscal technique.

      1. TimMaher Silver badge
        Pint

        Re: Shorting

        Beat me to it. Damn!

        Have a beer.

      2. iron Silver badge

        Re: Interested in whether it's illegal

        I see you bought the crypto bros' lies, plenty of regulations apply to them. See the SEC suing crypto companies for illegal trading practices as an example.

      3. Jon 37

        Re: Interested in whether it's illegal

        The design is intended to be "no regulations".

        But actually, in the US, some cryptos are legally considered securities, and some DeFi stuff is securities or futures. (I think all of them are, but the regulators haven't taken that position... Yet).

        Securities are subject to a bunch of rules. They are supposed to be enforced by the SEC. Even though it has done a poor job so far, it has taken some action, and can go after people for things they have done in the past.

        Similarly CFTC and the crypto futures.

  11. Howard Sway Silver badge

    1. This crypto-coin is called Jimbo. 2. $8m was actually wasted on it

    So there are now 25,000 different types of coin listed by these crypto pushers. Presumably when someone this week thinks "you know what, I'm very late to all this, and I've heard about quite a few scams and people losing everything, but I think I'll invest every last cent I have in one" they then go and "do their own research" in time honoured internet fashion, i.e. go down a rabbit hole of crypto-pushing sites and get pushed one way or another into picking one to waste their money on. It'll be either "pick a popular one, it's safe" or "take a risk on a smaller one : you could get rich beyond your dreams". Both options are of course bullshit.

    If the $8m that got wasted on "Jimbo" is taken as a sort of baseline of how much gets blown on even the most obviously shit coin scam, that means at least $200 billion must be tied up all in the small fry, waiting to be stolen or just evaporate away into nothing. What a fucking stupid waste.

    1. David Hicklin Bronze badge

      Re: 1. This crypto-coin is called Jimbo. 2. $8m was actually wasted on it

      But until someone actually converts it into hard $ or £ (or whatever) then it is all virtual vapourcash anyway - none of it is real.

  12. CommonBloke
    WTF?

    Step by step

    Correct me if I'm wrong on the step by step process:

    1- get 10k eth

    2- current ratio of eth/shot is 1/100. spend all of it buying random shotcoin.

    3- you now have "the whole supply" of shotcoin

    4- Ratio goes from 1/100 to 1/1

    5- convert shotcoin back into eth. Since this is a direct conversion based on current market price, instead of a buy/sell, it doesn't affect the price.

    6- ???

    7- PROFIT!!

    And that, somehow, is a crime, despite being sold as a feature?
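A toy simulation of the loop laid out in Michael Wojcik's five steps and CommonBloke's list above, added here as an illustration; it is not code from the page, the Jimbos project or either commenter, and the pool sizes, fee, loan size and "treasury" contract are all assumed. It shows why the honest round trip alone loses money to fees and slippage, how a contract that prices tokens off a pool's spot reserves inside the same transaction pays out the inflated value, and the check a contract can make against a pre-trade reference price.

```python
"""Toy model of the borrow / buy / sell-back / repay loop described above.
Added illustration only: not code from Jimbos Protocol, The Register or any
real DeFi project. Pool sizes, fee and the treasury contract are assumptions."""
from fractions import Fraction as F

FEE = F(3, 1000)  # 0.3 % swap fee (assumed; a common AMM default)

class ConstantProductPool:
    """Uniswap-v2-style x*y=k pool holding ETH and a token."""

    def __init__(self, eth, tok):
        self.eth, self.tok = F(eth), F(tok)

    def spot_price(self):
        """ETH per token, read naively from the current reserves."""
        return self.eth / self.tok

    def buy_tokens(self, eth_in):
        """Swap ETH -> tokens. Reserves move, so spot rises with every buy."""
        eth_in, net = F(eth_in), F(eth_in) * (1 - FEE)
        tokens_out = self.tok * net / (self.eth + net)
        self.eth, self.tok = self.eth + eth_in, self.tok - tokens_out
        return tokens_out

    def sell_tokens(self, tok_in):
        """Swap tokens -> ETH through the same curve."""
        tok_in, net = F(tok_in), F(tok_in) * (1 - FEE)
        eth_out = self.eth * net / (self.tok + net)
        self.tok, self.eth = self.tok + tok_in, self.eth - eth_out
        return eth_out

def honest_round_trip(loan):
    """No vulnerability: borrow, buy, sell straight back into the same pool,
    repay. Returns net ETH after repayment (negative = the trader lost)."""
    pool = ConstantProductPool(100, 10_000)
    tokens = pool.buy_tokens(loan)
    return pool.sell_tokens(tokens) - loan

def redeem_via_treasury(loan, price_from_spot, max_deviation=None):
    """Same borrow/buy, but the tokens go to a hypothetical treasury contract
    that pays ETH at a price it looks up. price_from_spot=True reads the pool
    reserves inside the same transaction (the weak design); False uses a
    reference price fixed before the transaction. max_deviation (fraction of
    the reference, e.g. 0.1) is the defender's check: refuse when spot drifted."""
    pool = ConstantProductPool(100, 10_000)
    reference = pool.spot_price()      # 0.01 ETH/token before any trade
    tokens = pool.buy_tokens(loan)     # a 100 ETH buy pushes spot to 0.03994
    spot = pool.spot_price()
    if max_deviation is not None and abs(spot - reference) / reference > max_deviation:
        raise ValueError("spot price too far from reference; redemption refused")
    return tokens * (spot if price_from_spot else reference) - loan

def manipulation_ratio(loan):
    """How far a single buy of `loan` ETH moves the pool's spot price."""
    pool = ConstantProductPool(100, 10_000)
    before = pool.spot_price()
    pool.buy_tokens(loan)
    return pool.spot_price() / before
```

With a 100 ETH loan against a 100 ETH / 10,000 token pool the honest round trip ends about 0.3 ETH down, while a treasury that trusts the in-transaction spot price hands over 199.4 ETH for tokens bought with 100; the same treasury keyed to the pre-trade reference price, or guarded by the deviation check, pays nothing extra.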

  13. IGotOut Silver badge

    Hold on.

    Isn't this just standard stock market trading?

    Buy low, sell high.

    If you take a loan out to buy low, "forcing" prices up, then selling back at higher cost. Repay loan and profit.

    This Jimbo lot were just idiots for letting it happen so easily.

  14. Anonymous Coward
    Anonymous Coward

    Methinks we need a crypto currency name generator

    Much like the one for faux real ales.

    Hogwarts bukkake

    Gandalfs Memory Stick

    1. Rol

      Re: Methinks we need a crypto currency name generator

      Stewart's Crumbs

      Lee's Funky Bits

      haha. I know what you did there. lol

  15. Boolian

    Stolen Stollen

    Yeah, struggling to see what was stolen, a share of unbaked cake, a share of the idea of cake. Jimbo.2 wasn't stolen, Ethereum wasn't stolen.

    errr....

    No wait - they bought Jimbo2-Coin from Jimbo2, with a loan of Ethereum-Coin borrowed from Ethereum and sold the Jimbo2-coin back to Jimbo2 in exchange for its value in Ethereum-Coin, and paid Ethereum back in Ethereum-Coin?

    In between buying the Jimbo2-coin, and selling it back, the 'value' of Jimbo2-coin went up (and presumably went down afterwards) and they shoved the difference (in Ethereum-Coin) in their wallet.

    *cough "the value shares can go down, as well as up" - or is it the other way around - meh.

    Well, isn't it Jimbo2 who has the Jimbo2-coin - why are they looking elsewhere?

    Nothing was stolen - maybe there is some kind of regulation against 'pump & dump' manipulating prices -so the perpetrators engaged in a crime, but the crime wasn't theft, was it? Shurely not.

    Same-same with Fiat currency.

    Who set the rate of Jimbo2-coin? The 'Market' or Jimbo2? I think it was Jimbo2... or Jimbo2's automated system - well get the system to put the value up again when no-one is looking...

    If it was 'The market' well, 'the market' can shift the share price up momentarily to cover the difference. ad-infinitum - unless the market doesn't give a shit about Jimbo2's woes because 'unregulated man, code is law - no luck'.

    Isn't crypto better suited to clawing back, or freezing 'manipulated money' anyway - isn't it on the Chainz™? Doesn't it have a serial number?

    "These serial numbers are considered 'counterfeit' - do not process any transaction with these numbers, any transaction made with them is now void (press enter)"

    What about wallets, at least tell me the Chainz™ know what wallet the 'value' went into - can you create, and bin anonymous wallets on the fly all over the place, or can wallets get fingered as 'hot'?

    At least that way, it's not just Jimbo2 trying to get 'value' back - a lot of other traders will be hunting the 'value' of their now void transactions too, and also keeping an eye out for anyone brandishing a wallet that says 'Mean Muthafukka'

    Soooo many rhetorical questions.

    High Finance, and Crypto - buggered if I know how it works - that's why I'm poor.

  16. A. Coatsworth Silver badge
    Facepalm

    Why would the attackers return the money?

    And more to the point, why did the guys who pulled these "flash loans" in the past return it?

    Even if the attack falls in a moral grey area, it doesn't sound outright illegal... and if it was illegal, so what? Expecting a scammer to respect the law is a slight contradiction in itself.

    The whole cryptocurrency stuff is baffling to me, and successful "thieves"[1] returning their swag out of the kindness of their hearts is just the cherry on top.

    [1] in quotes because I am still not convinced an actual crime took place

  17. Claptrap314 Silver badge

    Finally!

    A bug bounty program with decent returns...

    Yeah, I'm having a hard time finding a broken law here...

  18. Filippo Silver badge

    Like most other posters here, I don't quite understand how this is illegal. If it was the stock market, it would be a pump'n'dump scheme, but I really don't think that's illegal for cryptocurrency.

    The only bit that sounds concerning would be that "exploited a vulnerability in the JimboController contract to manipulate the liquidity pool".

    Unfortunately, I don't know what a "liquidity pool" is, I don't know what it was "manipulated" into, I don't know what the "JimboController contract" is (okay, it's a smart contract I guess, but doing what?), I don't know what the vulnerability was, and I don't know how it was exploited.

    So... yeah. Picture me scratching my head.

    1. vogon00

      Head-scratching? This is to do with cryptocurrency and the hubris that goes with it, so it's more appropriate to scratch the other end...

  19. newspuppy

    Jimbo's team's bad design does not make the (ab)user a criminal

    If there actually was design... this could have been minimized. I do not understand how this can make a user of the features into a criminal.

    As many have stated, this was simply shorting the Jimbo utilising the Jimbo's documented features.

    This "CryptoCurrency" idea is attempting to make rules and code for a fully independent and automated system. What could go wrong? If people are worried about AI, then why would they trust crypto, which inevitably shall be full of more bugs than an ants' nest, with no human oversight.

    Making the user the criminal for a lack of design, bad programming, non-existent QA, and taking advantage of an illiquid market is too much.

    Blame everyone but the clowns at fault. Where has responsibility gone to?

  20. Michael Wojcik Silver badge

    "Basic security" consistently fails in this realm

    Steinkamp said "this basic function should never have been able to be executed if the owners of the asset had run basic security and hardening efforts prior to releasing it into the production environment."

    I'm calling bullshit on that. A quick review of Molly White's site shows any number of cases where bugs in "smart contracts" were exploited despite those contracts having been audited by one, or often multiple, security firms that claim expertise in the area.

    No doubt the Jimbo team were lax in basic security; I don't find that hard to believe at all. But apparently finding all vulnerabilities in smart contracts is a very difficult problem in general, and even (self-appointed) experts are pretty bad at it. This vulnerability might have been caught, but very likely others would not have been.

    I don't think the whole DeFi / smart contract approach is salvageable. Which is no loss, in my opinion.

  21. that one in the corner Silver badge

    Why would the "stolen" coin be returned?

    One theory, but it depends upon whether anyone else is actually buying Ethereum "for real", not in some weird game like the "flash loan" - that is, how fast can one actually sell 4k ETH for real cash and be rid of them?

    If that is likely to take some time (because you are waiting on new suckers to enter the game with their real USD for weird ETH) then the incentive for "giving back" 90% of the 4k ETH is simple blackmail on the part of Jimbo:

    "If you don't give us the ETH then we'll just explain to the world *exactly* how this whole charade has been fleecing everyone and the whole thing will collapse! You'll be left with ETH that can't even be used to wipe your bum (even Weimar Papiermark could do that) and you'll still have paid out the fees for the flash loan! You lose! Yes, we'll burn the whole thing down just to screw you over for those fees! We don't care, all the important people in cryptocurrency have skimmed their nest egg: we knew it wasn't going to last forever."

  22. Anonymous Coward
    Anonymous Coward

    The protocol owners don't get to decide...

    As the Avraham Eisenberg/Mango Markets thing proved, it's not in the power of the protocol owners to offer this deal of "you keep 10% and it isn't a crime". If it was a crime (e.g. market manipulation or one of the many possible vaguely defined computer crime/wire fraud things that are out there) then even if they say the "attacker" can keep 10%, the officials can and will go after the perps. That's what happened to Eisenberg. https://www.sec.gov/news/press-release/2023-13

    If it's not a crime and a legitimate financial arbitrage then there's no reason for the "counterparty" to give them a dime. Either way the folks who did this are all in at this point. Their only real option is to hang on.
