ALGO Tinyman DEX exploited. remove all your liquidity now.

Tl;Dr : The ALGO Tinyman DEX has been exploited. For all the ALGOnaughts outs there, pull out all of your liquidity now (until the DEV's can resolve the issue).

I saw this on the Algomeow discord which has been in contact with the Tinyman DEV's.

( From Tinyman Discord:)

( 10:28 one of tinies: As many of you are aware an attack occurred on Tinyman Pools on January 1st/2nd. The attack exploits a previously unknown bug in the contract and allows the attacker to withdraw assets from a pool that they are not entitled to. The attack has been executed on multiple pools until now. The financial incentive for the attack varies from pool to pool so not all pools have been attacked.

( As a trustless protocol Tinyman uses immutable contracts. This unfortunately means there is no ability for a quick fix to this problem for the current pools. We will work on a fix for the problem and deploy a new version of the contracts and put a migration plan in place. ( In the meantime we believe the best plan of action is to ask our community to remove all their liquidity from ALL Tinyman pools. ( We will make sure that the community is taken care of and we will publish a detailed incident report in the coming days. )

Edit :

1) The Tinyman team has issued a warning on its website (swap page).

2) as mentioned in the comments. This only affects liquidity pools in the tinyman DEX. Your assets in your wallets (ASA's and Algo), yieldly or AlgoFi are safe as they are not related to Tinyman LP's.

Once again, anyone invested in Tinyman liquidity pools, kindly pull out immediately.