The developers of the DeFi project Tinyman reported that hackers took advantage of a previously unknown vulnerability in a smart contract designed to burn tokens and withdrew $ 3 million worth of crypto assets.
According to a blog post on the project, the hackers created and activated wallet addresses, after which they made a test deposit for the subsequent hacking of the protocol. The attackers then conducted transactions with the target pools, exchanged part of their funds for the ASA ID: 386192725 (gobtc), and created several pool tokens.
After that, cybercriminals exploited a previously unknown vulnerability in a smart contract designed to burn tokens. Hackers conducted more than 17 transactions with gobtc and goeth pools (ASA ID: 386195940), which led to a decrease in the value of the asset. To increase profits and transfer money to wallets of centralized exchanges, hackers converted tokens into stablecoins.
Thus, cybercriminals withdrew $ 3 million worth of crypto assets. The Tinyman developers warned that the smart contracts used by the criminals have no restrictions and cannot be stopped. Therefore, the project team urges users to withdraw assets from wallets that may be affected by compromised smart contracts.
The creation of new deposits on the platform has been suspended until the situation is fully clarified. The project team reported that they turned to law enforcement agencies and cybersecurity companies for help in identifying those involved in the hacking. Tinyman will keep its users informed of the progress of the protocol recovery and security.
Recall that last year the DeFi Visor Finance protocol was hacked, during which hackers managed to steal 8.8 million VISR tokens worth about $ 8.2 million. The token price collapsed 30 times. In addition, the DeFi Grim Finance platform reported that hackers exploited a smart contract error and compromised wallets, withdrawing $ 30 million worth of tokens.
Crystal Blockchain analysts have prepared a report stating that over the past decade, the total equivalent of cryptocurrencies stolen by hackers has exceeded $ 12.1 billion.
