Algorand Wallet MyAlgo Urges Users to Withdraw Funds After $9.2M Exploit

Algorand-centric wallet MyAlgo told users they “strongly advise” withdrawing any funds from mnemonic wallets that were stored in MyAlgo, following reports of an attack worth just under $9.2 million.

MyAlgo did not release the estimated figures involved in the attack, but blockchain sleuth ZachXBT said it is suspected that over $9.2 million was stolen between February 19 and February 21, citing data from blockchain intelligence platform TRM Labs.

The service confirmed that it experienced an attack over one week ago and said that no additional movement has happened since.

MyAlgo said that it did not know the root cause of the hack, but urged users to “take precautionary measures to protect their assets.”

Crypto swap platform ChangeNow is thought to have frozen $1.5 million in funds relating to the attack, as per TRM’s data.

Algorand Foundation CTO John Woods said the attack, which he said impacted an estimated 25 accounts, was “not the result of an underlying issue with the Algorand protocol or SDK.”

The CTO advised MyAlgo users to rekey to “a ledger or other 3rd party wallet as a precautionary measure.”

Rekeying is a feature of the Algo protocol lets users keep their public wallet address while changing their private spending keys, which could be used to empty their wallet.

Woods went on to say that once the investigation finalizes, he will post an explainer video detailing what happened and how users can safeguard themselves in the future.