The algorithm-based wallet provider MyAlgo has once again urged users to withdraw their funds after a security breach in February that does not appear to have been resolved.
Update: Funds are still being actively drained from MyAlgo users. https://t.co/fzkS9PFkAm pic.twitter.com/cgrWigu2Wn
— ZachXBT (@zachxbt) March 6, 2023
Update: Funds continue to be actively drained from MyAlgo users.
For its part, the decentralized exchange Algodex has revealed that a malicious actor infiltrated a company wallet on March 5 in what “appears to be similar to what is currently happening in the Algorand ecosystem,” said in a tweet.
In a post of March 6, Algodex explained that a malicious actor infiltrated a company wallet during the early hours of the previous day.
Algodex took precautions ahead of the attack, including moving most of its USD Coin (USDC) and native Algodex (ALGX) tokens to safe locations.
#PeckShieldAlert @AlgodexOfficial reported that a malicious actor infiltrated 1 of their corporate wallets (w/s ~55k)
The exploit seems to share similarities with the ongoing incidents in the #Algorand ecosystem@myalgo_ alerted users to withdraw funds/rekey funds to new account https://t.co/G7nhlzMebF— PeckShieldAlert (@PeckShieldAlert) March 7, 2023
#PeckShieldAlert @AlgodexOfficial reported that a malicious actor infiltrated 1 of their corporate wallets (w/s ~55,000). The exploit appears to share similarities with ongoing incidents in the #Algorand ecosystem @myalgo_ alerted users to withdraw funds/reintroduce funds to a new account
However, the infiltrated wallet was tied to Algodex’s liquidity rewards program and was responsible for providing additional liquidity to the ALGX token.
“This resulted in the malicious actor being able to remove the Algo and ALGX in the Tinyman pool created by us to provide additional liquidity to the ALGX token,” Algodex said.
The exchange noted that the attacker made off with $25,000 in ALGX tokens allocated to provide liquidity rewards.but said he would replenish them in full.
He added that the total loss from the theft was less than $55,000, but that Algodex users and ALGX liquidity were not affected.
For its part, the wallet provider of the Algorand network, MyAlgo has renewed warnings for users to withdraw their assets or switch their funds to new accounts as soon as possible.
All users of MyAlgo must withdraw their funds or rekey their funds to new accounts asap! ⚠️ Do not wait!!
Create new account:https://t.co/FhRCndPvfShttps://t.co/mj57KBg8Ml
Rekey Account Instructions:
Pear: https://t.co/PZog8fw0tO
Defly: https://t.co/PZog8fw0tO— MyAlgo (@myalgo_) March 6, 2023
All MyAlgo users should withdraw their funds or switch to new accounts as soon as possible. ⚠️ Don’t wait! Create a new account: https://t.co/FhRCndPvfShttps://t.co/mj57KBg8Ml. Instructions to change the password of the account:
Pear: https://t.co/PZog8fw0tO
Defly: https://t.co/PZog8fw0tO
Multiple warnings have been issued following a security breach in MyAlgo between February 19 and 21which caused losses of about USD 9.2 million.
On February 27, the MyAlgo team tweeted a warning about a targeted attack carried out “against a group of high-profile MyAlgo accounts” During last week.
The wallet provider claimed that the cause of the attack was unknown and encouraged “everyone to take precautionary measures to protect their assets.” transferring funds or changing the passwords of their accounts.
Algodex, Lofty and AlgoCasino were all hit March 5th
This seems to be a little more than phishing as per experts in the field
It has been strongly advised by people smarter than me that we A) Rekey accounts B) Send tokens to a brand new non-MyAlgo wallet C) Rekey to cold wallet https://t.co/nS2frvmmyT
— AndrewW.something (@AndrewWindmills) March 6, 2023
Algodex, Lofty and AlgoCasino were attacked on March 5. This appears to be little more than phishing, according to experts in the field. It has been strongly advised by people smarter than me to A) Change account keys B) Send tokens to a new non-MyAlgo wallet C) Switch to an offline wallet.
John Wood, CTO of the Algorand Foundation, the networks’ governing body, spoke on Twitter the same day, affirming that about 25 accounts had been affected by the exploit.
“This is not the result of an underlying problem with the Algorand protocol or SDK,” he said.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.