crypto.news
Algorand (ALGO) wallet provider MyAlgo has asked users to withdraw all funds in their wallets or rekey them to new wallets as soon as possible following a breach that compromised $9.2 million.
In a tweet posted on March 7, MyAlgo, a wallet provider for the Algorand network, urged its users to withdraw funds from their wallets or rekey them to other third-party wallets, such as Pera Web and Defly, or a ledger, in the shortest time possible.
All users of MyAlgo must withdraw their funds or rekey their funds to new accounts asap! ⚠️🚨 Do not wait!!
— MyAlgo (@myalgo_) March 6, 2023
Create new account:https://t.co/FhRCndPvfShttps://t.co/mj57KBg8Ml
Rekey Account Instructions:
Pera: https://t.co/PZog8fw0tO
Defly: https://t.co/PZog8fw0tO
In the tweet, MyAlgo also provided information on how customers could carry out the rekeying process on either of the alternative wallets.
Rekeying is a feature of the Algorand network that enables account holders to retain a public address while assigning various private keys from another account.
The process involves changing the account’s authorized private keys while preserving its public address. Since the user controls both wallets in this situation, it transfers the signing rights from one to the other.
Rekeying a wallet is frequently necessary due to a compromised account, a change in wallet ownership, or when using a ledger hard wallet.
MyAlgo’s latest recommendation followed a similar one on Feb. 27 when it asked users to withdraw funds from any wallets created with a seed phrase they may have stored on the platform.
IMPORTANT: ⚠️We strongly advise all users to withdraw any funds from Mnemonic wallets that were stored in MyAlgo. As we still don't know the root cause of recent hacks, we encourage everyone to take precautionary measures to protect their assets. Thank you for your understanding.
— MyAlgo (@myalgo_) February 27, 2023
Advisory comes after $9.2 million hack
The alert came after news emerged of a targeted attack against several high-profile MyAlgo accounts that seemingly took place a couple of weeks ago.
On-chain sleuth ZachXBT tweeted that the hackers might have stolen approximately $9.2 million. However, the crypto exchange, ChangeNOW, was able to freeze over $1.5 million after the attackers tried to launder the stolen funds through it.
I haven’t seen many posts about this on CT yet but it’s suspected over $9.2m (19.5M ALGO, 3.5m USDC, etc) has been stolen on Algorand as a result of this attack from Feb 19th to 21st.
— ZachXBT (@zachxbt) February 28, 2023
ChangeNow shared they were able to freeze $1.5m. https://t.co/BPCXTUD57n pic.twitter.com/A3t7Ss0e83
The wallet provider stated that it is collaborating with law enforcement authorities and the impacted parties to investigate the matter. However, the organization still does not know what caused the hack.
According to Algorand CTO John Wood, the attack affected 25 wallets. Still, there was no underlying problem with the Algorand protocol or its proprietary software development kit that might have contributed to the vulnerability.
1/n Update on the exploit impacting ~25 accounts: from our investigation, this is not the result of an underlying issue with the Algorand protocol or SDK.
— John Woods (@JohnAlanWoods) February 27, 2023
Wood promised that once investigations into the attack were complete, he would make a video explaining how the vulnerability occurred and how ALGO users can safeguard themselves.