Myalgorand-based wallet provider myalgo warned users to remove the assets of all portfolios created with a mnemonic sentence as the company is continuing its investigation into a feat that resulted in a $10 million loss.
The wallet provider tweeted on February 26, warning users that “a targeted attack was carried out against a group of high-profile MyAlgo accounts.”
MyAlgo recommends that users withdraw funds.
MyAlgo also explained that the attacked users had large amounts of assets in their accounts and used mnemonic purses with private keys stored in the browser. The feat has not affected hardware portfolio users, added the team.
The portfolio vendor stated that they were working with affected parties and authorities to investigate the incident. However, as part of an update on Monday, the team strongly advised all users to transfer funds from starting sentence portfolios stored in myalgo as it still does not know the main cause of the hacks.
IMPORTANT: ??All users are strongly encouraged to withdraw funds from mnemonic portfolios that have been stored in myalgo. With the root cause of recent piracy still unknown, we encourage everyone to take precautionary measures to protect their property. Thank you for your understanding.
— MyAlgo (@myalgo_) February 27, 2023
Over $9 Million Stolen
According to blockchain investigator ZachXBT, the hacker stole 19.5 million ALGO and 3.5 million USDC valued at $9.6 million from victims.
However, the centralized exchange system was able to freeze $1.5 million in stolen funds after the attacker attempted to launder the assets via the platform.
I haven't seen a lot of messages about it yet, but it is suspected of more than $9.2 million (19.5 million algo, 3.5m usdc, etc) was flown on the algorand following this February 19-21 attack.
Changenow shared they were capable of freezing $1.5m. https://t.co/BPCXTUD57n pic.twitter.com/A3t7Ss0e83
— ZachXBT (@zachxbt) February 28, 2023
Algorand’s chief technology officer John Wood noted that the incident affected 25 wallets while clarifying that the exploit was not caused by an “underlying issue with the Algorand network or SDK.”
The CTO said it would do an explanatory video on how the exploit took place and how users can protect themselves after the investigation is completed.