Tyneman reported on the latest attack that began on January 1. Some “unauthorized users” breached certain pools of the protocol after being compromised by a previously unknown vulnerability on their smart contracts.
Tyneman Compromised
According to the official blog post, the attack resulted in the evacuation of some ASAs in the first hours. This, in turn, prompted massive instability. Tyneman revealed that the hack activated his wallet address and accumulated a seed fund for the breach. To carry out the attack, criminals essentially targeted Poole and began swapping a portion of their funds and mining Pool tokens.
It was an unknown bug in the burning of Pool tokens that was allegedly exploited by criminals and managed to acquire “two of the same assets instead of two separate ones”.
According to the platform, this was favorable to criminals as the “gobtc asset” was significantly more valuable than ALGO, the native token of Algorand. He immediately swapped against it to raise more money and continue the exploitation.
Tyneman alleged that the attackers swapped pools with stablecoins to get the most value and withdrew these assets to other on-chain wallets and known centralized cryptocurrency exchanges.
attack continues
Apologizing for the entire event, Tyneman assured that all affected users would be reimbursed and the team is currently working on a compensation plan. However, it is also mentioned that they cannot obstruct transactions of any kind on the blockchain due to the permissionless nature of the contracts.
To control the intensity of the damage, Tyneman urged liquidity providers to pull out all their liquidity from all protocol-related contracts. In addition, all liquidity routes in the web app were blocked and replaced with warning signs to protect the community.
Any lost funds after the next 24 hours (January 4 at 9 a.m. UTC) will be the responsibility of the users as there is nothing we can do to prevent this occurrence, the responsibility for the remaining assets rests with the wallet owners. ,
— tinyman (@tinymanorg) 3 January 2022
Recently another Tweet, the platform informed its users that the exploitation on the pool is ongoing. Furthermore, various digital assets worth around $2 million are still stuck in the pool. Tyneman once again advised everyone to withdraw their liquidity as soon as possible. It also warned that users would be responsible for any lost funds after 9 a.m. UTC on January 4.
PrimeXBT Special Offer: Use this link and enter code POTATO50 to get 25% off on trading fees.