Tinyman: The First DeFi Exploit of 2022?
Key Findings
- The Tinyman attacker pre-funded a wallet from a centralized exchange
- The exploit resulted in over 3 million in goETH and goBTC being removed from liquidity pools during the attack
- As of January 6, 2022, the attacker's primary wallet still holds approximately 21 goBTC
- The Tinyman attack is believed to be the first Decentralized Finance (DeFi) exploit of 2022
What happened
On January 2, 2022, a DeFi protocol known as Tinyman announced that its liquidity pool was compromised, providing the attacker the ability to withdrawal assets they did not own. According to the Tinyman team, the attacker was able to exploit a previously unknown vulnerability in the Tinyman contract. Multiple Algorand Standard Assets (ASA) were drained during the attack. As a result of the attack, Tinyman requested that the Algorand community remove liquidity from all Tinyman pools because a quick fix to the vulnerability was not available.
The exploit primarily targeted goETH and goBTC pools leading to approximately 3 million in losses at the time of withdrawal according to the Tinyman team. On-chain flows show that the same wallet that received a deposit from a centralized exchange also received the goETH and goBTC that was removed from liquidity pools across 17 transactions.
This TRM graph shows Algorand flows from a centralized exchange and the attacker removing approximately 3 million worth of goETH and goBTC from liquidity pools.
On January 3rd, the Tinyman team reiterated that the attack was still on-going and that approximately $2m worth of value in liquidity pools was at risk of being swept.
As of January 6, 2022, the attacker's primary wallet still holds approximately 21 goBTC.
___
TRM Labs is the only tool with cross-chain analytics, which enables investigators to view cross chain swaps and multiple flows within one graph. Investigators can move seamlessly across blockchains to trace the flow of funds, visualize multi-layer relationships and drastically reduce investigation time with our proprietary technology for automated tracing.
For more information, or to report leads contact us at investigations@trmlabs.com. Subscribe to our weekly insights here.
Access our coverage of TRON, Solana and 23 other blockchains
Fill out the form to speak with our team about investigative professional services.