TRM Investigations
January 5, 2022

Tinyman: The First DeFi Exploit of 2022?

TRM InsightsTRM Investigations
Tinyman: The First DeFi Exploit of 2022?

Key Findings

  • The Tinyman attacker pre-funded a wallet from a centralized exchange
  • The exploit resulted in over 3 million in goETH and goBTC being removed from liquidity pools during the attack
  • As of January 6, 2022, the attacker's primary wallet still holds approximately 21 goBTC
  • The Tinyman attack is believed to be the first Decentralized Finance (DeFi) exploit of 2022

What happened

On January 2, 2022, a DeFi protocol known as Tinyman announced that its liquidity pool was compromised, providing the attacker the ability to withdrawal assets they did not own. According to the Tinyman team, the attacker was able to exploit a previously unknown vulnerability in the Tinyman contract. Multiple Algorand Standard Assets (ASA) were drained during the attack. As a result of the attack, Tinyman requested that the Algorand community remove liquidity from all Tinyman pools because a quick fix to the vulnerability was not available.

The exploit primarily targeted goETH and goBTC pools leading to approximately 3 million in losses at the time of withdrawal according to the Tinyman team. On-chain flows show that the same wallet that received a deposit from a centralized exchange also received the goETH and goBTC that was removed from liquidity pools across 17 transactions.

This TRM graph shows Algorand  flows from a centralized exchange and the attacker removing approximately 3 million worth of goETH and goBTC from liquidity pools.

Source: TRM Forensics

On January 3rd, the Tinyman team reiterated that the attack was still on-going and that approximately $2m worth of value in liquidity pools was at risk of being swept.

As of January 6, 2022, the attacker's primary wallet still holds approximately 21 goBTC.

___

TRM Labs is the only tool with cross-chain analytics, which enables investigators to view cross chain swaps and multiple flows within one graph. Investigators can move seamlessly across blockchains to trace the flow of funds, visualize multi-layer relationships and drastically reduce investigation time with our proprietary technology for automated tracing.

For more information, or to report leads contact us at investigations@trmlabs.com. Subscribe to our weekly insights here.

This is some text inside of a div block.
Subscribe and stay up to date with our insights
arrow right
November 4, 2021

DeFi Targeted with Malicious Desktop App

arrow right
August 6, 2021

Watch the Recording: Ransomware & Cyberattacks in the Age of Crypto

arrow right
August 31, 2021

Hurts the SOL: Security Considerations for NFT Drops

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
Select
Transaction Monitoring/Wallet Screening
Training Services
Training Services
 
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.