MyAlgo, a wallet on the Algorand network, a popular cryptocurrency project, has been hacked. Therefore, the team advised users to withdraw their funds. Here are the details…
Cryptocurrency wallet hacked
Algorand wallet MyAlgo has recently advised all its users to withdraw funds from Mnemonic wallets stored on MyAlgo due to an attack that occurred more than a week ago. The root cause of the attack is currently unclear, and the company encourages everyone to take precautionary measures to protect their assets. In a tweet from MyAlgo, he used the following statements:
IMPORTANT: We strongly recommend all users to withdraw funds from Mnemonic wallets stored on MyAlgo. As we still do not know the root cause of the recent attacks, we urge everyone to take precautionary measures to protect their assets. Thank you for your understanding.
https://twitter.com/myalgo_/status/163021807541828739
The company urges its users not to rush the process and make sure they transfer funds or reopen accounts securely. They also asked everyone to take their time and avoid making mistakes, and to reach out to them for help if they had any questions. The attacks took place more than a week ago and there has been no further movement since. The company did not disclose any details about the extent of the damage or the number of users affected by the attack.
Analysts on Twitter announced the estimated balance sheet
ZachXBT stated in a tweet on February 27 that the damage from the hack was suspected to exceed $9.2 million, and crypto exchange ChangeNOW was able to freeze approximately $1.5 million in funds. According to MyAlgo, users with mnemonic wallets with the key stored in an internet browser were particularly vulnerable to the exploit. A mnemonic wallet usually uses 12 to 24 words to generate a private key.
I haven’t seen many posts about this on CT yet but it’s suspected over $9.2m (19.5M ALGO, 3.5m USDC, etc) has been stolen on Algorand as a result of this attack from Feb 19th to 21st.
ChangeNow shared they were able to freeze $1.5m. https://t.co/BPCXTUD57n pic.twitter.com/A3t7Ss0e83
— ZachXBT (@zachxbt) February 28, 2023
John Wood, chief technology officer of the network’s governing body, the Algorand Foundation, said on Twitter that about 25 accounts were affected. He added that the abuse was “not the result of a fundamental issue with the Algorand protocol or the software development kit.” Algorand-focused developer community D13.co released a report on Feb. 27 that ruled out the possibilities for multiple exploit factors, such as malware or operating system vulnerabilities.
2/n If you are currently a user of a hot wallet with MyAlgo, we recommend rekeying to a ledger or other 3rd party wallet as a precautionary measure.
— John Woods (@JohnAlanWoods) February 27, 2023
The report determined that the “most likely” scenarios are the compromise of affected users’ seed phrases through phishing attacks, or the hacking of MyAlgo’s website leading to “theft of unencrypted private keys.” MyAlgo said it will continue to work with authorities and will “conduct a thorough investigation to determine the root cause of the attack.”
Advice given to MyAlgo users
MyAlgo is a non-custodial wallet that allows users to securely store and manage Algorand assets. The company says it has always argued that user security is paramount. MyAlgo assured its users that they are working tirelessly to identify the root cause of the hacking and ensure that such incidents do not occur in the future.
It is important that all MyAlgo users follow the company’s recommendations and withdraw funds from Mnemonic wallets stored in MyAlgo. Users are also advised to take additional precautions such as changing their passwords and monitoring their accounts for any suspicious activity.
33489
