Algodex reveals wallet infiltrated by ‘malicious’ actor as MyAlgo renews warning: back off now

Algorand-based wallet provider MyAlgo has again urged users to withdraw their funds following a February vulnerability that appears to have gone unresolved.

Meanwhile, decentralized exchange Algodex has revealed that a malicious actor infiltrated a corporate wallet on March 5 in what “looks like what’s currently happening in the Algorand ecosystem.” said in a Twitter post.

On March 6 afterAlgodex explained that a company wallet had been infiltrated by a malicious actor in the early hours of the previous morning.

Precautions were taken before the attack, according to Algodex, including moving most of their USDC and Treasury ALGX tokens to secure locations.

However, the infiltrated wallet was linked to Algodex’s liquidity rewards program and was responsible for providing additional liquidity to the ALGX token.

“This resulted in the malicious actor being able to delete the Algo and ALGX in the Tinyman pool we created to provide additional liquidity to the ALGX token,” Algodex said.

The exchange noted that $25,000 worth of ALGX tokens, intended to provide liquidity rewards, was taken, but said it would replace it entirely.

It added that the total loss from the theft was less than $55,000, but that Algodex users and ALGX’s liquidity were not affected.

Meanwhile, the wallet provider for the Algorand network, MyAlgo, has revamped its warnings for users to withdraw their assets or transfer their funds to new accounts as soon as possible.

Multiple alerts were issued at the end of a February 19 to February 21 vulnerability at MyAlgo that resulted in losses of approximately $9.2 million.

On February 27, the MyAlgo team tweeted a warning of a targeted attack carried out over the past week “against a group of high-profile MyAlgo accounts”.

Related: 7 DeFi protocol hacks in February see $21 million in stolen money: DefiLlama

The wallet provider further stated that the cause of the wallet hack was unknown and encouraged “everyone to take precautions to protect their assets” by transferring funds or re-entering accounts.

John Wood, chief technology officer at the networking governing body, the Algorand Foundation, went on Twitter the same day, saying about 25 accounts had been affected by the exploit.

“This is not due to an underlying problem with the Algorand protocol or SDK,” he said at the time.