Algorand-based Tinyman AMM Lost $3 million to Smart Contract Attack

Algorand-based Tinyman AMM Lost $3 million to Smart Contract Attack
Algorand-based Tinyman AMM Lost $3 million to Smart Contract Attack

Tinyman, a decentralized trading protocol based on Algorand, is a recent victim of smart contract security flaws. The trading protocol is estimated to have lost a total of $3 million in the attack.

Algorand-based Tinyman AMM Exploited $3 million

According to a blog post on January 1, Tinyman was attacked and the attacker exploited a loophole in the Tinyman smart contract which caused some mining pools to be compromised. The total damage is estimated at $3 million.

The announcement stated that the attack resulted in the loss of certain ASAs in the first few hours of the attack, resulting in increased volatility. The team is still investigating the attack and promised to take care of those affected.

In order to carry out the attack, the team stated that the perpetrators activated their wallet addresses and deposited start-up capital for the attack. They started targeting mining pools and exchanging some funds and minting mining pool tokens.

The vulnerability is related to the destruction of these pool tokens, which could allow an attacker to obtain two identical assets instead of two different assets. The attackers continued their attacks like this, stealing the estimated $3 million from the team.

Tinyman is a fully decentralized protocol, so it is impossible to reverse or prevent transactions. Instead, it advises Tinyman users to extract liquidity from the contract. Tinyman’s total liquidity decreased from $43 million before the attack to $20 million.

Auditing and Insurance Solutions are of Key importance to the DeFi Market

Tinyman is said to have been informed of the vulnerability through the auditor’s runtime verification, who conducted a security review of the contract. The team even got a solution, but it didn’t seem to be implemented quickly enough.

The demand for auditing and insurance solutions in the DeFi market is now critical as attackers target them due to sufficient capital inflows. In terms of funds stolen from the DeFi market, 2021 is the biggest year, and that trend doesn’t seem to be slowing down in 2022 either.

As the market progresses, normal investors also need to look out for the protection of crypto investments. Insurance contracts seem to be a sensible solution for many projects and have so far been very promising.