MyAlgo, an Algorand-based wallet service, has advised customers to withdraw money from any wallets they may have made using a mnemonic phrase as the business is still looking into an issue that resulted in a $10 million loss.
The wallet provider alerted users through Twitter on February 26 that “a targeted assault was carried out against a bunch of high-profile MyAlgo accounts.”
MyAlgo went on to say that the people that were attacked were using mnemonic hot wallets with private keys saved in the browser and had substantial sums of assets in their accounts. The attack did not impact users using hardware wallets, the researchers claimed.
The wallet provider declared that it assisted the authorities and the impacted parties in investigating the event. Nonetheless, the company strongly encouraged all users to move any money from seed phrase wallets kept in MyAlgo in a Monday update since it is still unsure of what caused the breaches.
ZachXBT, a blockchain investigator, claims that the hacker took from victims 9.6 million USDC and 19.5 million ALGO, totaling $9.6 million.
Nevertheless, once the attacker attempted to use the platform to launder the assets, centralized exchange ChangeNow could freeze $1.5 million of the stolen monies.
John Wood, the chief technology officer of Algorand, stated that the event affected 25 wallets but added that there was no “underlying problem with the Algorand network or SDK” that contributed to the exploit.
When the investigation is complete, the CTO promised to provide an educational film outlining how the vulnerability occurred and how consumers may safeguard themselves.