According to Algorand developer collective D13, $8.6 million worth of cryptocurrency may have been stolen via the Algorand wallet MyAlgo. February 27.
D13 said it has been investigating the issue since its first day on 20 February. The $7.2 million he reported confirmed that 17 addresses holding USDC and ALGO were compromised. In addition, he added that $1.4 million could be compromised at four other addresses.
The group offered two possible explanations for this incident. It states that users may have stolen wallet seed phrases through phishing or social engineering attacks, or MyAlgo.com may have been attacked and leaked unencrypted private keys.
If the attack was carried out via targeted phishing, it would be user error. However, D13 notes that it is difficult to consider this incident “predominantly user error”. The attack on Solana’s Slope wallet in 2022 made headlines, pointing out that even attacks that move relatively little money can be a bigger problem.
The developer group also said key generation issues, Mac and iOS vulnerabilities, and malware are unlikely explanations for this incident.
D13 also recommended that users “rekey” their MyAlgo wallets (a process similar to changing passwords on other accounts) or move their funds elsewhere.
Affected wallets, MyAlgo, separately Told the user to withdraw It writes that users are “strongly encouraged” to move funds out of the MyAlgo mnemonic wallet.
Noting that the most recent transfer took place last week and we haven’t seen any suspicious movement of funds since then, we have instructed users to act slowly and cautiously.