Users of MyAlgo are recommended to leave since the reason for the $9.2 million hack is yet unknown.
The provider of the Algorand wallet stated that it has not yet identified the exploit that has stolen millions from ALGO and advised users to withdraw money from wallets made with a seed word.
MyAlgo, a supplier of wallets for the Algor and ALGO tickers down $0.25 network, has advised its users to withdraw money from any wallets made with a seed phrase due to a continuing exploit that has resulted in the theft of money believed to be worth $9.2 million.
On February 27, MyAlgo tweeted the recommendation along with the statement that it is still unsure of what led to the most recent wallet breaches and urged “everyone to take precautionary measures to secure their money.”
The team had earlier on February 27 tweeted a warning over what they called a “targeted attack […] carried out against a set of high-profile MyAlgo accounts” that appeared to have taken place over the previous week.
ZachXBT, the self-described “on-chain investigator,” stated in a tweet on February 27 that the crypto exchange ChangeNOW was able to freeze about $1.5 million in money, and it is believed that over $9.2 million has been stolen as a result of the hack.
According to MyAlgo, individuals who had mnemonic wallets with the key kept in an internet browser were particularly vulnerable to the hack. A private key is often generated by a mnemonic wallet using between 12 and 24 words.
On February 27, John Wood, the Algorand Foundation’s chief technical officer, tweeted that the attack had impacted approximately 25 accounts.
The exploit, he continued, “is not the outcome of an inherent problem with the Algorand protocol” or its software development kit.
On February 27, the developer collective D13.co, which focuses on Algorand, published a paper that ruled out a number of potential attack routes like malware and operating system flaws.
According to the research, the “most probable” scenarios involved MyAlgo’s website being hijacked or socially engineered phishing attempts compromising the affected users’ seed phrases, which then allowed for the “targeted exfiltration of unencrypted private keys.”
According to MyAlgo, it would keep collaborating with law enforcement and carry out a “thorough investigation to ascertain the underlying cause of the attack.”