Algorand-based wallet provider MyAlgo is warning users to withdraw assets from all wallets created with mnemonic phrases, as the company continues to investigate a breach that resulted in a $10 million loss. The wallet provider tweeted on February 26, warning users of a "targeted attack on a group of high-profile MyAlgo accounts."
MyAlgo further explained that the attacked users had large amounts of assets in their accounts and were using mnemonic hot wallets with private keys stored in their browsers. The team added that the bug did not affect hardware wallet users.
The wallet provider said it is working with affected parties and authorities to investigate the incident. However, in an update on Monday, the team strongly advised all users to transfer any funds from their seed phrase wallets stored in MyAlgo, as it still does not know the root cause of the hack. According to blockchain investigator ZachXBT, hackers stole 19.5 million ALGO and 3.5 million USDC worth $9.6 million from victims.
However, centralized exchange ChangeNow froze $1.5 million in stolen funds after attackers attempted to launder money through the platform. Algorand’s CTO John Wood noted that the incident affected 25 wallets, while clarifying that the vulnerability was not caused by “an underlying issue with the Algorand network or SDK.”
The CTO said he would create an explainer video on how the exploit happened and how users can protect themselves once the investigation is over.
