Algorand wallet provider asks users to withdraw funds following exploit

• A wallet provider for Algorand has warned its users to withdraw funds from their mnemonic wallets.
• The warning comes a week after an exploit drained $9.2 million from high-profile MyAlgo wallets.

MyAlgo, a wallet provider for the Algorand Network, has warned its users to withdraw their funds amid an exploit that saw nearly $9.2 million stolen. The warning was extended to users with funds in Mnemonic wallets that were stored in MyAlgo. 

25 high-profile MyAlgo wallets affected by the exploit

According to a 27 February tweet by MyAlgo, wallets that were created with a seed phrase are the ones to watch out for. MyAlgo stated that the attacks took place over a week ago, with no other developments since. The provider stated:

“As we still don’t know the root cause of recent hacks, we encourage everyone to take precautionary measures to protect their assets. Thank you for your understanding.”

IMPORTANT: ⚠️We strongly advise all users to withdraw any funds from Mnemonic wallets that were stored in MyAlgo. As we still don't know the root cause of recent hacks, we encourage everyone to take precautionary measures to protect their assets. Thank you for your understanding.

— MyAlgo (@myalgo_) February 27, 2023

MyAlgo has urged users with mnemonic wallets to switch to a ledger wallet or open a new account. Earlier this week, the MyAlgo team informed its community on Twitter about the attack that targeted high-profile MyAlgo accounts. All the affected users had significant funds lying in their accounts with the key stored in the browser.

The root cause of the attack remained unidentified at press time. However, the wallet provider said that it was working with authorities to determine the same. 

Million stolen on Algorand

On 28 February, popular on-chain sleuth ZachXBT revealed that the attacker had made away with 19.5 million ALGO and 3.5 million USD Coin [USDC] in the exploit that took place between 19 – 22 February.

I haven’t seen many posts about this on CT yet but it’s suspected over $9.2m (19.5M ALGO, 3.5m USDC, etc) has been stolen on Algorand as a result of this attack from Feb 19th to 21st.

ChangeNow shared they were able to freeze $1.5m. https://t.co/BPCXTUD57n pic.twitter.com/A3t7Ss0e83

— ZachXBT (@zachxbt) February 28, 2023

Changenow has reportedly frozen $1.5 million of the exploited funds. Interestingly, data from CoinMarketCap shows that the native token ALGO was not affected by any of the events. However, the token has seen considerable volatility over the past few days. 

According to John Wood, the Chief Technology Officer of the Algorand Foundation, the network’s investigation revealed that 25 accounts were affected by the exploit. Woods agreed with the advisory put out by MyAlgo and urged users to switch to a ledger or a third-party wallet.