Algorand-based wallet provider MyAlgo has once again asked users to withdraw their funds following a February security breach that appears to be unsolved.
Update: Funds are still actively being drained from MyAlgo users. https://t.co/fzkS9PFkAm pic.twitter.com/cgrWigu2Wn
— ZachXBT (@zachxbt) March 6, 2023
Meanwhile, the decentralized exchange Algodex has announced that a malicious actor hacked the company’s wallet on March 5 in “it looks like what is currently happening in the Algorand ecosystem,” it said in a Twitter post.
On March 6 postAlgodex explained that earlier in the morning, the company’s wallet was hacked by malicious actors.
According to Algodex, precautions were taken before the attack, including moving many USDC tokens and ALGX token treasury to secure the location.
#PeckShieldAlert @AlgodexOfficial report that a bad actor hacked 1 company wallet (w/s ~55k)
Exploitation seems to share similarities with active incidents # Algorand ecosystem@myalgo_ alert user to withdraw funds / rekey funds to new account https://t.co/G7nhlzMebF— PeckShieldAlert (@PeckShieldAlert) March 7, 2023
However, the hacked wallet is tied to the Algodex liquidity rewards program and is responsible for providing extra liquidity for ALGX tokens.
“This resulted in malicious actors being able to delete Algo and ALGX in the Tinyman pool created by us to provide additional liquidity to ALGX tokens,” Algodex said.
The exchange noted that $25,000 in ALGX tokens meant to reward liquidity were taken but will replace this completely.
It added that the total loss from the theft was less than $55,000, but Algodex users and ALGX liquidity were not affected.
Meanwhile, the wallet provider for the Algorand network, MyAlgo, has renewed its warning to users to withdraw assets or rekey funds to new accounts as soon as possible.
All MyAlgo users should withdraw funds or rekey funds to new accounts ASAP! ⚠️ Don’t wait!!
Create a new account: https://t.co/FhRCndPvfShttps://t.co/mj57KBg8Ml
Account Rekey Instructions:
Pera: https://t.co/PZog8fw0tO
Defly: https://t.co/PZog8fw0tO— MyAlgo (@myalgo_) March 6, 2023
Several warnings have been issued at the end of the tail from February 19 to February 21 security breach in MyAlgo, which caused a loss of around $9.2 million.
On February 27, the MyAlgo team tweeted warning of a targeted attack carried out “against a group of high-profile MyAlgo accounts” conducted over the past week.
related: 7 DeFi protocol hacks in Feb saw $21 million in funds stolen: DefiLlama
The wallet provider further stated that the cause of the wallet hack is unknown and encourages “everyone to take precautionary measures to protect their assets” by transferring funds or rekeying accounts.
Algodex, Lofty and AlgoCasino all hit March 5
This seems to be little more than phishing according to the experts in the field
It has been strongly recommended by people smarter than me to A) Rekey the account B) Send tokens to a new non-MyAlgo wallet C) Rekey to a cold wallet https://t.co/nS2frvmmyT
— AndrewW.algo (@AndrewWindmills) March 6, 2023
John Wood, chief technology officer at the Algorand Foundation’s network governance body, go on Twitter the same day, said around 25 accounts affected by the exploit.
“This is not the result of an underlying problem with the Algorand protocol or the SDK,” he said at the time.