
Algorand-Based Tinyman Loses $3M in DeFi Hack

cryptoknowmics.com, 03 January 2022 07:45 UTC

Another DeFi protocol has become a victim of hacking. According to a blog post, the estimated loss of Algorand-based decentralized trading protocol TinyMan totals $3 million after the attackers exploited a vulnerability in the platform’s smart contracts.

DeFi Hack Series Continues

The decentralized trading protocol TinyMan is the latest victim of a smart contract exploit. On January 1, attackers took advantage of a vulnerability in TinyMan’s smart contracts, compromising some of its pools and causing an estimated loss of approximately $3 million.

“Beginning on the 1st of January 2022, an attack was orchestrated by unauthorized users on some of TinyMan’s pools by exploiting a previously unknown vulnerability in the TinyMan contracts,” the announcement blog post read.
The attack led to “a drain of certain ASAs in the first hours of attack which led to increased volatility in the immediate aftermath.” The team is still investigating the attack and has pledged to compensate those who were affected.

According to initial findings based on Algorand on-chain records, the perpetrators activated their wallet addresses and deposited seed funds for the attack. They then targeted the pools, swapped some funds, and minted Pool Tokens.

By exploiting a previously unknown bug in the burning of Pool Tokens, the attackers received the same asset twice instead of the pool’s two different assets. They then proceeded to steal an estimated $3 million, reducing the platform’s total liquidity from $43 million before the attack to $20 million.
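As an added illustration (not Tinyman’s code), the following toy pool models the invariant the article describes as broken: a burn must redeem the pool’s two distinct assets, never the same asset twice. The asset ids, reserves and the exact check are constructed assumptions; the page does not describe the real contract’s logic.

```python
# Constructed toy model of an AMM pool burn; not Tinyman's contract.
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Pool:
    asset_a: int            # constructed asset id
    asset_b: int            # constructed asset id
    reserve_a: int
    reserve_b: int
    pool_token_supply: int

    def reserve_of(self, asset_id: int) -> int:
        return self.reserve_a if asset_id == self.asset_a else self.reserve_b

    def debit(self, asset_id: int, amount: int) -> None:
        if asset_id == self.asset_a:
            self.reserve_a -= amount
        else:
            self.reserve_b -= amount


def _payout(pool: Pool, pool_tokens: int, out_assets: tuple) -> dict:
    """Pay the burner a pro-rata share of each named asset (toy model)."""
    if not 0 < pool_tokens <= pool.pool_token_supply:
        raise ValueError("invalid pool token amount")
    payout: dict = {}
    for a in out_assets:
        # Share is read from the reserve before any debit, so naming the same
        # asset twice pays it out twice: the class of flaw the article reports.
        amt = pool.reserve_of(a) * pool_tokens // pool.pool_token_supply
        payout[a] = payout.get(a, 0) + amt
    for a, amt in payout.items():
        pool.debit(a, amt)
    pool.pool_token_supply -= pool_tokens
    return payout


def burn_flawed(pool: Pool, pool_tokens: int, out_1: int, out_2: int) -> dict:
    """Checks that each requested asset belongs to the pool, but not that the
    two requests are for different assets, so one asset can be claimed twice."""
    for a in (out_1, out_2):
        if a not in (pool.asset_a, pool.asset_b):
            raise ValueError("asset not in pool")
    return _payout(pool, pool_tokens, (out_1, out_2))


def burn_checked(pool: Pool, pool_tokens: int, out_1: int, out_2: int) -> dict:
    """Hardened: the two outgoing assets must be exactly the pool's pair."""
    if {out_1, out_2} != {pool.asset_a, pool.asset_b}:
        raise ValueError("burn must redeem both pool assets exactly once")
    return _payout(pool, pool_tokens, (out_1, out_2))
```

With equal reserves, the flawed burn hands a 10% holder 20% of one asset and leaves the other untouched, so the remaining liquidity providers absorb the loss.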

Because TinyMan is a fully decentralized protocol, transactions cannot be reversed or blocked. Instead, users were advised to withdraw their liquidity from the contracts.

TinyMan was allegedly informed of the exploit by its auditor, Runtime Verification, which had performed a security review of the contracts and had even provided a fix. However, it appears that the fix was not implemented quickly enough.
