Cryptocurrencies, blockchain, NFT and new trends

MyAlgo users urged to withdraw as cause of $9.2M hack remains unknown

The Algorand wallet provider said it still hasn’t determined the cause of the attack, urging users to withdraw funds from wallets created with a seed phrase.

MyAlgo users urged to withdraw as cause of $9.2M hack remains unknown Own this piece of history

Collect this article as an NFT

A wallet provider for the Algorand (ALGO) network, MyAlgo, has warned its users to withdraw funds from any wallets created with a seed phrase amid an ongoing exploit that has seen an estimated $9.2 million worth of funds stolen.

MyAlgo tweeted the advice on Feb. 27 adding it still doesn’t know the cause of the recent wallet hacks and encouraged “everyone to take precautionary measures to protect their assets.”

Earlier on Feb. 27 the team tweeted a warning of a “targeted attack […] carried out against a group of high-profile MyAlgo accounts” which has seemingly been conducted over the past week.

The self-titled “on-chain sleuth,” ZachXBT, outlined in a Feb. 27 tweet that it’s suspected the exploit has pilfered over $9.2 million and crypto exchange ChangeNOW was able to freeze around $1.5 million worth of funds.

Particularly susceptible to the exploit were users who had mnemonic wallets with the key stored in an internet browser according to MyAlgo. A mnemonic wallet typically uses between 12 and 24 words to generate a private key.

John Wood, chief technology officer at the networks governance body the Algorand Foundation, took to Twitter on Feb. 27, saying around 25 accounts were affected by the exploit.

He added the exploit “is not the result of an underlying issue with the Algorand protocol” or its software development kit.

Algorand-focused developer collective released a report on Feb. 27 that eliminated multiple possible exploit vectors such as malware or operating system vulnerabilities.

The report determined the “most probable” scenarios were that the affected users’ seed phrases were compromised through socially engineered phishing attacks or MyAlgo’s website was compromised that lead to the “targeted exfiltration of unencrypted private keys.”

MyAlgo stated it would continue to work with authorities and would conduct a “thorough investigation to determine the root cause of the attack.”