Would You like a feature Interview?
All Interviews are 100% FREE of Charge
MyAlgo, a wallet provider for the Algorand (ALGO) network, warned users to withdraw funds from wallets created with seed phrases in an ongoing exploit that saw an estimated $9.2 million worth of funds stolen. .
MyAlgo tweeted this advice on February 27, adding that the cause of the recent wallet hacks is still unknown, and urged “everyone to take precautions to protect their assets.”
IMPORTANT: ⚠️We strongly advise all users to withdraw funds from the mnemonic wallet stored in MyAlgo. We still don’t know the root cause of recent hacks, so we recommend taking precautions to protect your assets. thank you for understanding.
— Myalgo (@myalgo_) February 27, 2023
Early on February 27, the team murmured “Targeted Attack” Warning […] It was run against a group of well-known MyAlgo accounts.
Self-proclaimed “on-chain detective” ZachXBT outlined in a February 27 tweet that the exploit allegedly stole more than $9.2 million, allowing cryptocurrency exchange ChangeNOW to freeze about $1.5 million worth of funds.
I haven’t seen many CT posts about this yet, but over $9.2 million (19.5 million ALGO, 3.5 million USDC, etc.) was stolen in Algorand as a result of this attack from February 19th to 21st. suspected to have been
ChangeNow shared that it was able to freeze $1.5 million. https://t.co/BPCXTUD57n pic.twitter.com/A3t7Ss0e83
—ZachXBT (@zachxbt) February 28, 2023
According to MyAlgo, users with mnemonic wallets whose keys are stored in their internet browsers were particularly vulnerable to the exploit. Mnemonic wallets typically use 12-24 words to generate private keys.
John Wood, chief technology officer of the Algorand Foundation, a network governance body, said on Twitter on February 27 that about 25 accounts were affected by the exploit.
UPDATE ON EXPLOIT AFFECTING ACCOUNTS 1/n-25: Based on our research, this is not the result of an underlying problem with the Algorand protocol or SDK.
— John Woods (@JohnAlanWoods) February 27, 2023
He added that the exploit was “not the result of an underlying problem with the Algorand protocol or its software development kit.”
Related: $700,000 leaked from BNB chain-based DeFi protocol LaunchZone
Algorand-focused developer collective D13.co report This eliminated multiple possible exploit vectors, including malware and operating system vulnerabilities.
The report states that the “most likely” scenario is that the affected user’s seed phrase was compromised via a social engineering phishing attack, or that MyAlgo’s website was compromised, resulting in a “targeted exfiltration of unencrypted private keys. I decided that it would lead to
MyAlgo said it will continue to work with authorities to conduct a “thorough investigation to determine the root cause of the attack.”