Algorand-Based Tinyman AMM Exploited for $3 Million

Share Article
In Brief
  • The Tinyman protocol and its users lost $3 million after an attack took place on Jan 1.

  • The team says that the perpetrators activated their wallet addresses and deposited a seed fund for the attack.

  • This attack is yet another in the long list of exploits taking place in the DeFi market.

  • promo

    KuCoin Releases KCS whitepaper – a Path for Geek to Mass Adoption Read now!

The Trust Project is an international consortium of news organizations building standards of transparency.

Decentralized trading protocol Tinyman, built on Algorand, was the victim of a smart contract exploit. The protocol is estimated to have lost $3 million after all was said and done.

Algorand-based decentralized trading protocol, Tinyman, was subject to an attack on Jan 1, 2022, according to a blog post. The attacker exploited a vulnerability in Tinyman’s smart contracts, which then led to the compromise of some pools. The total amount lost is estimated to be approximately $3 million.

The announcement states that the attack led to “a drain of certain ASAs in the first hours of attack which led to increased volatility in the immediate aftermath.” The team is still investigating the attack and promised to compensate those affected.

As for how the attack was carried out, the team says that the perpetrators activated their wallet addresses and deposited a seed fund for the attack. They began targeting the pools and swapped some funds, and minted Pool Tokens.

The exploit, which had to do with the burning of these Pool Tokens, allowed the attackers to receive two of the same asset instead of two different assets. The attackers proceeded with the attack in this manner, stealing what the team estimates to be $3 million.

Tinyman is a completely decentralized protocol, so it isn’t possible to reverse or prevent transactions. Instead, it recommended that Tinyman users pull liquidity from contracts. Total liquidity in Tinyman has reduced to $20 million from $43 million before the attack.

Auditing and insurance solutions ever more important for DeFi

While Tinyman had previously had the contract audited, the exploit managed to fly under the radar. The audit managed to identify a different flaw during the process, which was fixed and reviewed. The audit confirmed that the previous flaw had been “fully addressed.” The previous flaw that was fixed related to a missing GroupSize check that could have allowed malicious transactions to be included in the group as explained below:

Tinyman audit: The audit report

The need for auditing and insurance solutions in the DeFi market is now essential, as attackers target it because of the rich inflow of capital. 2021 was the biggest year in terms of funds stolen from the DeFi market, and it doesn’t look like the trend will be slowing in 2022.

Ordinary investors will also have to pay attention to protecting crypto investments as the market makes progress with adoption. Insurance protocols seem to be a solution that many projects are keen on, and it has been promising so far.

What do you think about this subject? Write to us and tell us!

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Rahul's cryptocurrency journey first began in 2014. With a postgraduate degree in finance, he was among the few that first recognized the sheer untapped potential of decentralized technologies. Since then, he has guided a number of startups to navigate the complex digital marketing and media outreach landscapes. His work has even influenced distinguished cryptocurrency exchanges and DeFi platforms worth millions of dollars.

Follow Author

KuCoin Releases KCS whitepaper – a Path for Geek to Mass Adoption      

Read now

KuCoin Releases KCS whitepaper – a Path for Geek to Mass Adoption

Read now

Olympus, a P2E NFT Game Similar to Clash Royale, Is Making Headlines

Read Now