Algorand-based wallet provider MyAlgo has again urged users to withdraw their funds following a February vulnerability that appears to have gone unresolved.
Update: MyAlgo users are still actively being charged money. https://t.co/fzkS9PFkAm pic.twitter.com/cgrWigu2Wn
— ZachXBT (@zachxbt) March 6, 2023
Meanwhile, decentralized exchange Algodex has revealed that a malicious actor infiltrated a corporate wallet on March 5 in what “looks like what’s currently happening in the Algorand ecosystem.” said in a Twitter post.
On March 6 afterAlgodex explained that a company wallet had been infiltrated by a malicious actor in the early hours of the previous morning.
Precautions were taken before the attack, according to Algodex, including moving most of their USDC and Treasury ALGX tokens to secure locations.
#PeckShieldAlert @AlgodexOfficial reported that a malicious person had infiltrated 1 of their corporate wallets (w/s ~55k)
The exploit seems to have similarities with the ongoing incidents in the #Algorand ecosystem@myalgo_ warned users to withdraw/refund funds to new account https://t.co/G7nhlzMebF
— PeckShieldAlert (@PeckShieldAlert) March 7, 2023
However, the infiltrated wallet was linked to Algodex’s liquidity rewards program and was responsible for providing additional liquidity to the ALGX token.
“This resulted in the malicious actor being able to delete the Algo and ALGX in the Tinyman pool we created to provide additional liquidity to the ALGX token,” Algodex said.
The exchange noted that $25,000 worth of ALGX tokens, intended to provide liquidity rewards, was taken, but said it would replace it entirely.
It added that the total loss from the theft was less than $55,000, but that Algodex users and ALGX’s liquidity were not affected.
Meanwhile, the wallet provider for the Algorand network, MyAlgo, has revamped its warnings for users to withdraw their assets or transfer their funds to new accounts as soon as possible.
All MyAlgo users should withdraw their funds or transfer their funds to new accounts ASAP! ⚠️ Don’t wait!!
Create New Account:https://t.co/FhRCndPvfShttps://t.co/mj57KBg8Ml
Rekey account instructions:
— My Algo (@myalgo_) March 6, 2023
Multiple alerts were issued at the end of a February 19 to February 21 vulnerability at MyAlgo that resulted in losses of approximately $9.2 million.
On February 27, the MyAlgo team tweeted a warning of a targeted attack carried out over the past week “against a group of high-profile MyAlgo accounts”.
Related: 7 DeFi protocol hacks in February see $21 million in stolen money: DefiLlama
The wallet provider further stated that the cause of the wallet hack was unknown and encouraged “everyone to take precautions to protect their assets” by transferring funds or re-entering accounts.
Algodex, Lofty and AlgoCasino were all hit on March 5
According to experts in the field, this appears to be something more than phishing
It is strongly advised by people smarter than me that we A) Rekey accounts B) Send Tokens to a brand new non-MyAlgo wallet C) Rekey to cold wallet https://t.co/nS2frvmmyT
— AndrewW.algo (@AndrewWindmills) March 6, 2023
John Wood, chief technology officer at the networking governing body, the Algorand Foundation, went on Twitter the same day, saying about 25 accounts had been affected by the exploit.
“This is not due to an underlying problem with the Algorand protocol or SDK,” he said at the time.
1 thought on “Algodex reveals wallet infiltrated by ‘malicious’ actor as MyAlgo renews warning: back off now”
It’s very effortless to find ⲟut any topic on web as compareԀ to textbooks, as I found this article
at this web pɑge.