Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Tinyman opened about the latest attack that started on January 1st. A few âunauthorized usersâ breached some of the protocolâs pools after compromising a previously unknown vulnerability on its smart contracts.
Tinyman Compromised
According to the official blog post, the attack resulted in a drain of certain ASAs in the first hours. This, in turn, induced massive volatility. Tinyman revealed that the hack activated their wallet addresses and deposited a seed fund for the breach. To execute the attack, the perpetrators essentially targeted the pools and started to swap a portion of their funds and minted Pool Tokens.
It was an unknown bug in the burning of Pool Tokens that the perpetrators reportedly exploited and managed to acquire âtwo of the same Assets instead of two different Assets.â
According to the platform, this was favorable for the perpetrators as the âgobtc assetâ was significantly more valuable than Algorandâs native token ALGO. They immediately swapped against it to rake in more funds and carry on with the exploit.
Tinyman alleged that the attackers also swapped pools with stablecoins to fish out the most value and withdraw these assets to other on-chain wallets and known centralized cryptocurrency exchanges.
The Attack Goes on
While apologizing for the entire event, Tinyman assured that all affected users will be reimbursed and that the team is currently working on compensation plans. However, it also mentioned that they could not obstruct any kind of transaction on the blockchain due to the permissionless nature of the contracts.
In a bid to control the intensity of the damage, Tinyman urged liquidity providers to pull out all their liquidity from all the protocol-related contracts. In addition to that, all liquidity routes in the web app were blocked and were replaced with warning signs to protect the community.
Any lost funds after the next 24 hours (9 am UTC on the 4th of January) will be the responsibility of the users as there is nothing we can do to stop this event, the responsibility of the remaining assets are in the wallet ownersâ hands.
â Tinyman (@tinymanorg) January 3, 2022
In yet another recent tweet, the platform notified its users that the exploit on the pools continues. Moreover, around $2 million worth of various digital assets in the pools still remained stuck. Tinyman once again advised everyone to remove their liquidity as soon as possible. It also warned that any lost funds after 9 AM UTC on January 4th will be user responsibility.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.