MyAlgo, a wallet provider on the Algorand (ALGO) Network, has warned its users to withdraw funds from any wallet created with a seed phrase, due to an attack which led to the theft of funds of approximately USD 9.2 million.
MyAlgo tweeted the advice on February 27, adding that it still doesn’t know the cause of the recent wallet hacks. and encouraged “everyone to take precautionary measures to protect their assets.”
IMPORTANT: ⚠️We strongly advise all users to withdraw any funds from Mnemonic wallets that were stored in MyAlgo. As we still don’t know the root cause of recent hacks, we encourage everyone to take precautionary measures to protect their assets. Thank you for your understanding.
— MyAlgo (@myalgo_) February 27, 2023
IMPORTANT: ⚠️ We strongly recommend all users to withdraw any funds from the Mnemonic wallets that were stored in MyAlgo. As we still don’t know the root cause of the recent hacks, we encourage everyone to take precautionary measures to protect their assets. Thanks for your understanding.
Previously, on February 27, the team tweeted a warning about a “targeted attack […] carried out against a group of high-profile MyAlgo accounts” that apparently took place over the past week.
The self-described “on-chain detective”, ZachXBT, noted in a Feb. 27 tweet that the exploit is suspected of stealing more than $9.2 million and that crypto exchange ChangeNOW was able to freeze $1.5 million worth of funds..
I haven’t seen many posts about this on CT yet but it’s suspected over $9.2m (19.5M ALGO, 3.5m USDC, etc) has been stolen on Algorand as a result of this attack from Feb 19th to 21st.
ChangeNow shared they were able to freeze $1.5m. https://t.co/BPCXTUD57n pic.twitter.com/A3t7Ss0e83
— ZachXBT (@zachxbt) February 28, 2023
I haven’t seen many posts about this in CT yet, but it is suspected that over $9.2 million (19.5 million ALGO, 3.5 million USDC, etc.) has been stolen in Algorand as a result of this attack on February 19-21. . ChangeNow shared that they were able to freeze $1.5 million. https://t.co/BPCXTUD57n pic.twitter.com/A3t7Ss0e83
Especially susceptible to the exploit were users who had mnemonic wallets with keys stored in an Internet browser., according to MyAlgo. A mnemonic wallet typically uses between 12 and 24 words to generate a private key.
John WoodCTO of the Algorand Foundation, the governing body of the networks, posted on Twitter on February 27 that the exploit had affected about 25 accounts.
1/n Update on the exploit impacting ~25 accounts: from our investigation, this is not the result of an underlying issue with the Algorand protocol or SDK.
—John Woods (@JohnAlanWoods) February 27, 2023
1/n Update on exploit affecting ~25 accounts: Based on our investigation, this is not the result of an underlying issue with the Algorand protocol or SDK
He added that the exploit “is not the result of an underlying problem with the Algorand protocol” or its SDK.
The developer collective D13.co, focused on Algorand, published a report on February 27 removing multiple potential exploit vectors, such as malware or operating system vulnerabilities.
The report determined that the “most likely” scenarios were that affected users’ seed phrases were compromised via social engineering phishing attacks or that the MyAlgo website was compromised, leading to the “selective exfiltration of unencrypted private keys “.
MyAlgo stated that it would continue to work with authorities and conduct a “thorough investigation to determine the root cause of the attack.”.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.