Algorand-Based Tinyman AMM Exploited for $3 Million

Decentralized trading protocol Tinyman, built on Algorand, was the victim of a smart contract exploit. The protocol is estimated to have lost $3 million after all was said and done.

Algorand-based decentralized trading protocol, Tinyman, was subject to an attack on Jan 1, 2022, according to a blog post. The attacker exploited a vulnerability in Tinyman’s smart contracts, which then led to the compromise of some pools. The total amount lost is estimated to be approximately $3 million.

The announcement states that the attack led to “a drain of certain ASAs in the first hours of attack which led to increased volatility in the immediate aftermath.” The team is still investigating the attack and promised to compensate those affected.

As for how the attack was carried out, the team says that the perpetrators activated their wallet addresses and deposited a seed fund for the attack. They began targeting the pools and swapped some funds, and minted Pool Tokens.

The exploit, which had to do with the burning of these Pool Tokens, allowed the attackers to receive two of the same asset instead of two different assets. The attackers proceeded with the attack in this manner, stealing what the team estimates to be $3 million.

Tinyman is a completely decentralized protocol, so it isn’t possible to reverse or prevent transactions. Instead, it recommended that Tinyman users pull liquidity from contracts. Total liquidity in Tinyman has reduced to $20 million from $43 million before the attack.

Auditing and insurance solutions ever more important for DeFi

Tinyman was allegedly informed of the exploit by auditor runtime verification, which did a security check of the contracts. The team was even given a solution, though it appears that it was not implemented fast enough.

Tinyman audit: The audit report

The need for auditing and insurance solutions in the DeFi market is now essential, as attackers target it because of the rich inflow of capital. 2021 was the biggest year in terms of funds stolen from the DeFi market, and it doesn’t look like the trend will be slowing in 2022.

Ordinary investors will also have to pay attention to protecting crypto investments as the market makes progress with adoption. Insurance protocols seem to be a solution that many projects are keen on, and it has been promising so far.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.