Wallet app MyAlgo admitted to being hacked, recommending users to quickly withdraw funds from the Mnemonic wallet stored in MyAlgo.
On February 27, Algorand’s MyAlgo Wallet issued a warning on its Twitter about the hacking incident, and asked users to withdraw assets from the Mnemonic wallet to preserve assets.
IMPORTANT: ⚠️We strongly advise all users to withdraw any funds from Mnemonic wallets that were stored in MyAlgo. As we still don’t know the root cause of recent hacks, we encourage everyone to take precautionary measures to protect their assets. Thank you for your understanding.
— MyAlgo (@myalgo_) February 27, 2023
At the time of writing the article, MyAlgo admitted that the cause of the incident had not yet been found. Therefore, the project recommends that users best take “prevention is better than cure” measures, including transferring money to Ledger cold wallet, or creating a new account.
Under the comment section, MyAlgo said that the hack has been going on for a week, there are about 17 affected wallets containing high value, but there has been no action from the hackers since then.
Meanwhile, “on-chain detective” ZachXBT traced about $9.2 million in the form of 19.5 million ALGO and 3.5 million USDC stolen on Algorand. Hackers then dispersed the stolen money on exchanges, including ChangeNow, according to ZachXBT, the platform quickly froze $1.5 million identified as hacked.
The attack took place from February 19 to 21, 2023, but was not announced until February 26.
I haven’t seen many posts about this on CT yet but it’s suspect over $9.2m (19.5M ALGO, 3.5m USDC, etc) has been stolen on Algorand as a result of this attack from Feb 19th to 21st.
ChangeNow shared they were able to freeze $1.5m. https://t.co/BPCXTUD57n pic.twitter.com/A3t7Ss0e83
— ZachXBT (@zachxbt) February 28, 2023
Recently, a similar security incident happened to another wallet platform, Edge. As reported by Kyptos, this wallet app was found to have an infrastructure-level vulnerability and did leaked about 2,000 private keys of users, the estimated damage is currently in the “five-digit” range.
Currently, it is unclear if there is a common denominator between the recent attacks targeting wallet applications, or what the MyAlgo incident really is, Kyptos will continue to update readers with the latest information. .