There was a big tinyman exploit. You can read about it here: https://www.reddit.com/r/HEADLINECrypto/comments/rufvse/tinyman_attack_report_1/?utm_source=share&utm_medium=web2x&context=3

This script works to find exploiters for a given pool. It currently only works for ASSET/ALGO pairs but can be trivially updated for ASSET/ASSET pairs.


  1. Clone the repo.
  2. Install Python3 (https://www.python.org/downloads/).
  3. Install the tinyman SDK: pip3 install git+https://github.com/tinymanorg/tinyman-py-sdk.git.
  4. Set up a developer account on https://purestake.com.
  5. Put your API key in headers.json where there is currently a placeholder.
  6. Replace your asset ID for swapping in parse_for_exploiters.py as ID_A.


The script is currently set up for the goBTC/ALGO pair, and the examples below are from this pair.

Run python3 parse_for_exploiters.py. If all went well, you should start to see something like this:

When exploits are found, their group ID will be printed like so:

You can search these group IDs on algoexplorer to confirm them:

Tip if you wanna <33

If this was useful to you I’m https://twitter.com/AlgofishExe on twitter and my ALGO address is FISHEXEW6C4H6PRREM4OLBQ3EOMI2ETUBM2C3UCNHSV33LA5RTM6A577T4. No pressure whatsoever, just thought this would be a good tool for people to have.


View Github