Some communities started the year off on the right foot and others did not like the Algorand ecosystem so much.
On January 1, the decentralized finance platform built on the Algorand Tinyman network was attacked and around $ 3 million in assets were taken from a pool without authorization, according to their official. Blog declaration.
Today, two days after the attack, Tinyman’s official Twitter account released the following statement:
“We advise our users not to use Tinyman at this time due to the issues we are having. Low liquidity can also cause your funds to lose value. We are going to stop our exchange function. soon on the interface. Please take this warning seriously as it is about the protection of our users ”
About the exploit
According to the official statement on their blog, there was a lot of volatility in the first few hours after the exploit, and some Algorand Standard Assets (ASA) were “dumped” because of it. Tinyman’s team said the attackers activated their wallet addresses and deposited seed money for the attack.
To continue the attack, hackers started targeting certain pools, swapping certain assets and creating pool tokens, allowing attackers to get two of the same assets instead of two different ones due to an unknown bug in the feat. In this way, attackers benefited from the fact that the “gobtc asset” was more valuable than Algorand’s native ALGO token.
Tinyman also revealed that the attackers traded pools with stablecoins and removed those assets to other centralized wallets and exchanges. The team claimed that users affected by this attack will be reimbursed by the protocol.
DeFi platforms present a high risk
In 2021, “DeFi” was one of the crypto’s trending words of the year, and it exists thanks to smart contracts.
In November 2021, global crypto risk management firm Elliptic published research that found $ 10.5 billion in assets were lost due to exploits or hacks in DeFi protocols in 2021.
“Decentralized applications are designed to be insecure that they eliminate third-party control over user funds, but you still need to be sure that the creators of the protocol haven’t made any coding or design errors.” which could result in loss of funds. “said Tom Robinson, chief scientist at Elliptic.
DeFi protocols are new to the space and increasing every day, in January 2021 there was $ 20 billion in total value locked (TVL) and a year later there is around 250 billion, according to DeFi data Llama, increasing more than 10 times in a year.
As more and more money circulates in the DeFi world, more and more criminals and attackers are tempted to hack the protocols because it is something very new in crypto and there is no of KYC and they are based on smart contracts. Smart contracts are made by human beings who can leave errors that attackers can take advantage of.
Hopefully in the future the market will have more experience on the DeFi ecosystem and can discover the errors of the Tinyman protocol and maybe see possible regulation within the DeFi world.