Crypto exchange Algodex and wallet provider MyAlgo have suffered multiple security breaches in recent weeks. Today MyAlgo issued another warning stating that users should withdraw their funds as the recent security breach has not yet been fixed.
Through a tweet, Algodex stated that a malicious person had infiltrated a company wallet just two days ago. According to the crypto exchange Algodex, this “appears similar to what is currently happening in the Algorand ecosystem.”
Before the attack, the crypto exchange had taken precautions, including moving a significant portion of its stablecoins and native Algodex (ALGX) tokens to a secure platform. The leaked wallet was tied to Algodex’s liquidity rewards program, providing additional liquidity to the ALGX token.
This resulted in the malicious actor being able to remove Algo and ALGX from the Tinyman pool we created to provide additional liquidity to the ALGX token.
Algodex had also said it received $25,000 worth of LGX tokens to provide certain liquidity rewards. The exchange later reports that this loss will be fully compensated.
It was stated that the total loss from this attack was approximately $55,000. That said, the exchange clarified that Algodex and ALGX liquidity was not affected in any way.
MyAlgo has issued several warnings
The wallet service provider has issued many warnings following the February 19-21 security breach; this attack led to losses of nearly $9.2 million. MyAlgo tweeted a week later, stating that this was a targeted attack primarily against a group of high-profile MyAlgo accounts.
The exchange has not been able to determine the cause of the attack. John Wood, chief technology officer on the network committee of the Algorand Foundation’s network governing body, confirmed that the exploit affected 25 accounts.
The blog post from the Algorand Foundation read:
We want to clarify the unauthorized and continued access and movement of assets of users of MyAlgo Wallet. MyAlgo is a third-party wallet provider, not directly affiliated with Algorand Inc or the Algorand Foundation. The Algorand protocol is not compromised.
It appears that this is an ongoing attack and all MyAlgo Wallet users should immediately remove their assets from wallets that have interacted with the MyAlgo platform. Users must withdraw or re-introduce funds into newly created accounts outside of MyAlgo, or into a hardware wallet.
The wallet provider for the Algorand network has issued new warnings for users. MyAlgo had encouraged everyone to take precautions to protect their assets by transferring funds or reopening accounts.
This is not due to an underlying issue with the Algorand protocol or the SDK.
Featured image of UnSplash, chart from TradingView.com