MyAlgo, a wallet provider for the Algorand network, is recommending its users to withdraw funds from any wallets created using a seed phrase, following an ongoing exploit that has resulted in the theft of an estimated $9.2 million worth of cash.
On February 27th, 2023, MyAlgo confirmed via a tweet that the root cause of the recent wallet breaches is still unknown and advised its users to take measures to protect their finances.
According to the tweet:
“IMPORTANT: ⚠️We strongly advise all users to withdraw any funds from Mnemonic wallets that were stored in MyAlgo. As we still don’t know the root cause of recent hacks, we encourage everyone to take precautionary measures to protect their assets. Thank you for your understanding.”
On February 26th, 2023, the team tweeted about a focused assault on several prominent MyAlgo accounts that appeared to have occurred during the preceding week. The tweets indicated that the hacked users had significant sums of money in their accounts and employed only browser-based mnemonic wallets with their keys, with no hardware wallets being used.
MyAlgo emphasized its commitment to security, utilizing modern encryption and regularly undergoing security audits. The platform acknowledges the risks associated with mnemonic hot wallets and have advocated for the use of hardware and multisig wallets since the inception of their platform.
John Wood, the Chief Technology Officer of the Algorand Foundation, stated that around 25 accounts were affected by the exploit. Wood suggested that users who use MyAlgo hot wallets should take precautionary measures and switch to a ledger or a third-party wallet for safety purposes. He also said he plans to create a video explaining the recent incident and providing guidance on how users can protect themselves.
1/n Update on the exploit impacting ~25 accounts: from our investigation, this is not the result of an underlying issue with the Algorand protocol or SDK.
— John Woods (@JohnAlanWoods) February 27, 2023
D13.co, a developer collective that specializes in Algorand, published a report on February 27th. The report eliminated several possible attack methods, including malware and operating system vulnerabilities.
It identified two possible scenarios as the most probable: a compromise of the MyAlgo website that resulted in the theft of unencrypted private keys or a socially engineered phishing attack that led to the compromise of seed phrases for the affected individuals.
If you would like to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
