Bitcoin btc
$ usd

Algorand-Based Tinyman AMM Exploited for $3 Million

2 mins
3 January 2022, 06:09 GMT+0000
Updated by Levy Prata
24 May 2022, 16:22 GMT+0000
In Brief
  • The Tinyman protocol and its users lost $3 million after an attack took place on Jan 1.
  • The team says that the perpetrators activated their wallet addresses and deposited a seed fund for the attack.
  • This attack is yet another in the long list of exploits taking place in the DeFi market.
  • promo

Decentralized trading protocol Tinyman, built on Algorand, was the victim of a smart contract exploit. The protocol is estimated to have lost $3 million after all was said and done.

Algorand-based decentralized trading protocol, Tinyman, was subject to an attack on Jan 1, 2022, according to a blog post. The attacker exploited a vulnerability in Tinyman’s smart contracts, which then led to the compromise of some pools. The total amount lost is estimated to be approximately $3 million.

The announcement states that the attack led to “a drain of certain ASAs in the first hours of attack which led to increased volatility in the immediate aftermath.” The team is still investigating the attack and promised to compensate those affected.

As for how the attack was carried out, the team says that the perpetrators activated their wallet addresses and deposited a seed fund for the attack. They began targeting the pools and swapped some funds, and minted Pool Tokens.

The exploit, which had to do with the burning of these Pool Tokens, allowed the attackers to receive two of the same asset instead of two different assets. The attackers proceeded with the attack in this manner, stealing what the team estimates to be $3 million.

Tinyman is a completely decentralized protocol, so it isn’t possible to reverse or prevent transactions. Instead, it recommended that Tinyman users pull liquidity from contracts. Total liquidity in Tinyman has reduced to $20 million from $43 million before the attack.

Auditing and insurance solutions ever more important for DeFi

While Tinyman had previously had the contract audited, the exploit managed to fly under the radar. The audit managed to identify a different flaw during the process, which was fixed and reviewed. The audit confirmed that the previous flaw had been “fully addressed.” The previous flaw that was fixed related to a missing GroupSize check that could have allowed malicious transactions to be included in the group as explained below:

Tinyman audit: The audit report

The need for auditing and insurance solutions in the DeFi market is now essential, as attackers target it because of the rich inflow of capital. 2021 was the biggest year in terms of funds stolen from the DeFi market, and it doesn’t look like the trend will be slowing in 2022.

Ordinary investors will also have to pay attention to protecting crypto investments as the market makes progress with adoption. Insurance protocols seem to be a solution that many projects are keen on, and it has been promising so far.

What do you think about this subject? Write to us and tell us!


In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.