Crypto exchange Algodex and wallet provider MyAlgo have undergone multiple security breaches over the past few weeks. Today, MyAlgo has issued another warning stating that users should withdraw their funds as the recent security breach has not been tackled yet.
Through a tweet, Algodex stated that a malicious actor had infiltrated one corporate wallet just two days ago. According to the crypto exchange Algodex, this “seems similar to what is happening in the Algorand ecosystem right now.”
Before the attack, the crypto exchange had taken precautions, which included moving a considerable volume of its stablecoins and native Algodex (ALGX) tokens to a secure platform. The leaked wallet was tied to Algodex’s liquidity rewards program, providing extra liquidity to the ALGX token.
Algodex stated:
This resulted in the malicious actor being able to remove Algo and ALGX from the Tinyman pool we created to provide additional liquidity to the ALGX token.
Algodex had also mentioned that it had received $25,000 in LGX tokens to provide certain liquidity rewards. The exchange later states that this loss shall be fully compensated.
It was mentioned that the total loss from this attack amounted to somewhere near $55,000. Having stated that, the exchange clarified that the liquidity of Algodex and ALGX was not affected in any manner.
MyAlgo Issued Several Warnings
The wallet service provider has issued many warnings following the February 19–21 security breach; this attack has caused losses of close to $9.2 million. MyAlgo tweeted a week later, stating that this was a targeted attack mainly against a group of high-profile MyAlgo accounts.
The exchange has not been able to identify the cause of the attack. John Wood, chief technology officer on the network’s committee at the networks governance body of the Algorand Foundation, confirmed that the exploit affected 25 accounts.
The Algorand Foundation blog post read:
We want to provide clarity regarding the unauthorized and ongoing access and movement of assets from users of MyAlgo Wallet. MyAlgo is a third-party wallet provider, not directly associated with Algorand Inc or the Algorand Foundation. The Algorand protocol has not been compromised.
It appears that this is an ongoing attack and all MyAlgo Wallet users need to immediately move their assets out of wallets that have interacted with the MyAlgo platform. Users should withdraw funds to, or rekey to, newly created accounts outside of MyAlgo, or to a hardware wallet.
The wallet provider for the Algorand network issued fresh warnings for users. MyAlgo had encouraged everyone to take precautionary measures to protect their assets by transferring funds or rekeying the accounts.
Wood stated:
This is not the result of an underlying issue with the Algorand protocol or SDK.
Source: https://bitcoinist.com/algorand-crypto-wallet-myalgo-security-breach-again/