{"id":21898,"date":"2023-02-27T23:52:22","date_gmt":"2023-02-28T07:52:22","guid":{"rendered":"https:\/\/coinnetworknews.com\/myalgo-users-urged-to-withdraw-as-cause-of-9-2m-hack-remains-unknown\/"},"modified":"2023-02-27T23:52:22","modified_gmt":"2023-02-28T07:52:22","slug":"myalgo-users-urged-to-withdraw-as-cause-of-9-2m-hack-remains-unknown","status":"publish","type":"post","link":"https:\/\/coinnetworknews.com\/myalgo-users-urged-to-withdraw-as-cause-of-9-2m-hack-remains-unknown\/","title":{"rendered":"MyAlgo users urged to withdraw, as cause of $9.2M hack remains unknown"},"content":{"rendered":"

<\/p>\n

\n

A wallet provider for the Algorand (ALGO<\/a>) network, MyAlgo, has warned its users to withdraw funds from any wallets created with a seed phrase amid an ongoing exploit that has seen an estimated $9.2 million worth of funds stolen.<\/p>\n

MyAlgo tweeted the advice on Feb. 27, adding it still doesn\u2019t know the cause of the recent wallet hacks and encouraged \u201ceveryone to take precautionary measures to protect their assets.\u201d<\/p>\n

\n

IMPORTANT: \u26a0\ufe0fWe strongly advise all users to withdraw any funds from Mnemonic wallets that were stored in MyAlgo. As we still don’t know the root cause of recent hacks, we encourage everyone to take precautionary measures to protect their assets. Thank you for your understanding.<\/p>\n

\u2014 MyAlgo (@myalgo_) February 27, 2023<\/a><\/p><\/blockquote>\n

Earlier on Feb. 27, the team tweeted<\/a> a warning of a \u201ctargeted attack […] carried out against a group of high-profile MyAlgo accounts\u201d that has seemingly been conducted over the past week.<\/p>\n

The self-titled \u201con-chain sleuth,\u201d ZachXBT, outlined in a Feb. 27 tweet that it\u2019s suspected the exploit has pilfered over $9.2 million and crypto exchange ChangeNOW was able to freeze around $1.5 million worth of funds.<\/p>\n

\n

I haven\u2019t seen many posts about this on CT yet but it\u2019s suspected over $9.2m (19.5M ALGO, 3.5m USDC, etc) has been stolen on Algorand as a result of this attack from Feb 19th to 21st.<\/p>\n

ChangeNow shared they were able to freeze $1.5m. https:\/\/t.co\/BPCXTUD57n<\/a> pic.twitter.com\/A3t7Ss0e83<\/a><\/p>\n

\u2014 ZachXBT (@zachxbt) February 28, 2023<\/a><\/p><\/blockquote>\n

Particularly susceptible to the exploit were users who had mnemonic wallets with the key stored in an internet browser<\/a>, according to MyAlgo. A mnemonic wallet typically uses between 12 and 24 words to generate a private key<\/a>.<\/p>\n

John Wood, chief technology officer at the networks governance body the Algorand Foundation, took to Twitter on Feb. 27, saying around 25 accounts were affected by the exploit.<\/p>\n

\n

1\/n Update on the exploit impacting ~25 accounts: from our investigation, this is not the result of an underlying issue with the Algorand protocol or SDK.<\/p>\n

\u2014 John Woods (@JohnAlanWoods) February 27, 2023<\/a><\/p><\/blockquote>\n

He added the exploit \u201cis not the result of an underlying issue with the Algorand protocol\u201d or its software development kit.<\/p>\n

Related: <\/em><\/strong>$700,000 drained from BNB Chain-based DeFi protocol LaunchZone<\/em><\/strong><\/a><\/p>\n

Algorand-focused developer collective D13.co released a report<\/a> on Feb. 27 that eliminated multiple possible exploit vectors such as malware or operating system vulnerabilities.<\/p>\n

The report determined the \u201cmost probable\u201d scenarios were that the affected users\u2019 seed phrases were compromised through socially engineered phishing attacks or MyAlgo\u2019s website was compromised, leadin to the \u201ctargeted exfiltration of unencrypted private keys.\u201d<\/p>\n

MyAlgo stated it would continue to work with authorities and would conduct a \u201cthorough investigation to determine the root cause of the attack.\u201d<\/p>\n