Algorand-based wallet provider MyAlgo has again urged users to withdraw their funds following a security breach in February that does not appear to have been resolved.
Update: Funds are still being actively drained from MyAlgo users. https://t.co/fzkS9PFkAm pic.twitter.com/cgrWigu2Wn
— ZachXBT (@zachxbt) March 6, 2023
Meanwhile, decentralized exchange Algodex revealed that a malicious actor broke into the company’s wallet on March 5 in what “looks similar to what is currently happening in the Algorand ecosystem,” it said in a post on Twitter.
On March 6 postAlgodex explained that in the early hours of the previous morning, the company’s wallet was compromised by a malicious actor.
According to Algodex, precautions were taken before the attack, including moving the majority of their USDC and treasury tokens ALGX tokens to secure locations.
#PeckShieldAlert @AlgodexOfficial reported that a malicious actor compromised 1 of their corporate wallets (w/s ~55k)
The exploit appears to share similarities with current incidents in the #Algorand ecosystem@myalgo_ alerts users to withdraw funds/refund to a new account https://t.co/G7nhlzMebF
— PeckShieldAlert (@PeckShieldAlert) March 7, 2023
However, the compromised wallet was linked to the Algodex Liquidity Rewards program and was responsible for providing additional liquidity to the ALGX token.
“This led to the malicious actor being able to remove Algo and ALGX in the Tinyman pool we created to provide additional liquidity to the ALGX token,” Algodex said.
The exchange noted that $25,000 in ALGX tokens intended to provide liquidity rewards had been taken, but said it would replace this in full.
It added that the total loss from the theft was less than $55,000, but Algodex users and ALGX liquidity were not affected.
Meanwhile, the wallet provider for the Algorand networkMyAlgo has renewed warnings to users to withdraw their assets or transfer their funds to new accounts as soon as possible.
All MyAlgo users should withdraw their funds or transfer their funds to new accounts as soon as possible! ⚠️ Don’t wait!!
Create a new account:https://t.co/FhRCndPvfShttps://t.co/mj57KBg8Ml
Instructions for a new account key:
— MyAlgo (@myalgo_) March 6, 2023
Multiple warnings were issued late February 19th through February 21st MyAlgo security breachresulting in losses of about $9.2 million.
On 27 Feb. the MyAlgo team tweeted warning of a targeted attack carried out “against a group of high-ranking MyAlgo accounts” over the past week.
Connected: 7 DeFi Protocol Hacks in February Show $21 Million in Stolen Funds: DefiLlama
The wallet provider also said the reason for the wallet hack was unknown and encouraged “everyone to take precautions to protect their assets” by transferring funds or switching accounts.
Algodex, Lofty and AlgoCasino were all hit on March 5th
This appears to be little more than phishing according to experts in the field
People smarter than me strongly recommend that we A) Rekey accounts B) Send tokens to a brand new non-MyAlgo wallet C) Rekey to a cold wallet https://t.co/nS2frvmmyT
— AndrewW.algo (@AndrewWindmills) March 6, 2023
John Wood, chief technology officer at network management body Algorand Foundation, went on Twitter the same day, saying about 25 accounts were affected by the exploit.
“This is not the result of a fundamental problem with the Algorand protocol or the SDK,” he said at the time.
#Algodex #Reveals #Wallet #Infiltrated #Malicious #Actor #MyAlgo #Renews #Warning #Download