First hack of the year: Tinyman suffers from exploit attack and continues, total damage unknown
Another year, another hack. This time, a decentralized trading platform Tinyman suffered from smart contract mining.
Tinyman opens this year’s list of victims hacked. Several “unauthorized users” have compromised the protocol pools by exploiting a previously unknown vulnerability in their smart contracts.
The whole incident and compensation
According to the post above Blog Officially, the attack killed certain ASAs in the first few hours. This caused great volatility. Tinyman announced that the hack activated their wallet address and sent seed money for the compromised contract. To carry out the attack, the perpetrators essentially aimed at the pools, began exchanging some of their coins and minting pool tokens.
It was an unknown bug when burning pool tokens that the perpetrators mined and created “two identical assets instead of two different assets”.
According to the platform, this is an advantage for the perpetrators, as the “gobtc assets” are significantly more valuable than Algorand’s native ALGO token. You immediately exchange them for more coins and continue mining.
Tinyman claims the attackers also traded pools for stablecoins for the highest value, and then moved those assets to other on-chain wallets and centralized cryptocurrency exchanges.
Tinyman apologized for the entire incident and assured that all affected users will receive a refund and that the team is currently working on a compensation plan. However, the project also mentions that due to the lack of permission in the contracts, they cannot impede any type of transaction on the blockchain.
In order to control the extent of the losses, Tinyman urged the liquidity providers to withdraw all of their funds from all contracts related to the protocol. In addition, all liquidity channels in the web app have been blocked and replaced with warning signs to protect the community.
In another recent tweet, the platform informed its users that mining in the pools will continue. In addition, around $ 2 million remains trapped in pools in various digital assets. Tinyman is again advising people to withdraw their liquidity as soon as possible. It also warns that any funds lost after 4:00 p.m. on Jan 4th are the responsibility of the user.
Join Bitcoin Magazine Telegram to keep track of news and comment on this article: https://t.me/coincunews
Follow the Youtube Channel | Subscribe to telegram channel | Follow the Facebook page
Author
Market
First hack of the year: Tinyman suffers from exploit attack and continues, total damage unknown
Another year, another hack. This time, a decentralized trading platform Tinyman suffered from smart contract mining.
Tinyman opens this year’s list of victims hacked. Several “unauthorized users” have compromised the protocol pools by exploiting a previously unknown vulnerability in their smart contracts.
The whole incident and compensation
According to the post above Blog Officially, the attack killed certain ASAs in the first few hours. This caused great volatility. Tinyman announced that the hack activated their wallet address and sent seed money for the compromised contract. To carry out the attack, the perpetrators essentially aimed at the pools, began exchanging some of their coins and minting pool tokens.
It was an unknown bug when burning pool tokens that the perpetrators mined and created “two identical assets instead of two different assets”.
According to the platform, this is an advantage for the perpetrators, as the “gobtc assets” are significantly more valuable than Algorand’s native ALGO token. You immediately exchange them for more coins and continue mining.
Tinyman claims the attackers also traded pools for stablecoins for the highest value, and then moved those assets to other on-chain wallets and centralized cryptocurrency exchanges.
Tinyman apologized for the entire incident and assured that all affected users will receive a refund and that the team is currently working on a compensation plan. However, the project also mentions that due to the lack of permission in the contracts, they cannot impede any type of transaction on the blockchain.
In order to control the extent of the losses, Tinyman urged the liquidity providers to withdraw all of their funds from all contracts related to the protocol. In addition, all liquidity channels in the web app have been blocked and replaced with warning signs to protect the community.
In another recent tweet, the platform informed its users that mining in the pools will continue. In addition, around $ 2 million remains trapped in pools in various digital assets. Tinyman is again advising people to withdraw their liquidity as soon as possible. It also warns that any funds lost after 4:00 p.m. on Jan 4th are the responsibility of the user.
Join Bitcoin Magazine Telegram to keep track of news and comment on this article: https://t.me/coincunews
Follow the Youtube Channel | Subscribe to telegram channel | Follow the Facebook page
Other Posts
Related Posts
