Algodex reveals wallet infiltrated by ‘malicious’ actor as MyAlgo renews warning: Withdraw now

399
SHARES
2.3k
VIEWS



Algorand-based wallet provider MyAlgo has again urged users to withdraw their funds after a February security breach which doesn’t appear to have been resolved.

Meanwhile, decentralized exchange Algodex has revealed a malicious actor infiltrated a company wallet on Mar. 5 in what “appears to be similar to what is currently happening in the Algorand ecosystem,” it said in a Twitter post.

In a Mar. 6 post, Algodex explained that during the early hours of the previous morning, a company wallet was infiltrated by a malicious actor.

According to Algodex, precautions were taken before the attack, including moving the bulk of their USDC and treasury tokens ALGX tokens to secure locations.

However, the infiltrated wallet was tied to Algodex’s liquidity rewards program and was responsible for providing extra liquidity to the ALGX token.

“This resulted in the malicious actor being able to remove the Algo and ALGX in the Tinyman pool created by us to provide additional liquidity to the ALGX token,” Algodex said.

The exchange noted that $25,000 in ALGX tokens meant to provide liquidity rewards were taken but said it would replace this in full.

It added that the total loss from the theft was less than $55,000, but Algodex users and the liquidity of ALGX were not affected.

Meanwhile, the wallet provider for the Algorand network, MyAlgo, has renewed warnings for users to withdraw their assets or rekey their funds to new accounts as soon as possible.

Multiple warnings have been issued on the tail end of a Feb. 19 to Feb. 21 security breach at MyAlgo, which resulted in losses of around $9.2 million.

On Feb. 27, the MyAlgo team tweeted a warning of a targeted attack carried out “against a group of high-profile MyAlgo accounts” conducted over the past week.

Related: 7 DeFi protocol hacks in Feb see $21 million in funds stolen: DefiLlama

The wallet provider further stated the cause for the wallet hack was unknown and encouraged “everyone to take precautionary measures to protect their assets” by transferring funds or rekeying accounts.

John Wood, chief technology officer at the networks governance body the Algorand Foundation, went on Twitter the same day, saying around 25 accounts were affected by the exploit.

“This is not the result of an underlying issue with the Algorand protocol or SDK,” he said at the time.