Meta/crypto

Algodex reveals wallet infiltrated by ‘malicious’ actor as MyAlgo renews warning: Withdraw now

Algorand-based wallet provider MyAlgo has again urged users to withdraw their funds after a February security breach which doesn’t appear to have been resolved.

Update: Funds are still being actively drained from MyAlgo users. https://t.co/fzkS9PFkAm pic.twitter.com/cgrWigu2Wn

— ZachXBT (@zachxbt) March 6, 2023

meanwhile, decentralized exchange Algodex has revealed a malicious actor infiltrated a company wallet on Mar. 5 in what “appears to be similar to what is currently happening in the Algorand ecosystem,” it said in a Twitter post.

In a Mar. 6 postAlgodex explained that during the early hours of the previous morning, a company wallet was infiltrated by a malicious actor.

According to Algodex, precautions were taken before the attack, including moving the bulk of their USDC and treasury tokens ALGX tokens to secure locations.

#PeckShieldAlert @AlgodexOfficial reported that a malicious actor infiltrated 1 of their corporate wallets (w/s ~55k)
The exploit seems to share similarities with the ongoing incidents in the #Algorand ecosystem@myalgo_ alerted users to withdraw funds/rekey funds to new account https://t.co/G7nhlzMebF

— PeckShieldAlert (@PeckShieldAlert) March 7, 2023

However, the infiltrated wallet was tied to Algodex’s liquidity rewards program and was responsible for providing extra liquidity to the ALGX token.

“This resulted in the malicious actor being able to remove the Algo and ALGX in the Tinyman pool created by us to provide additional liquidity to the ALGX token,” Algodex said.

The exchange noted that $25,000 in ALGX tokens meant to provide liquidity rewards were taken but said it would replace this in full.

It added that the total loss from the theft was less than $55,000, but Algodex users and the liquidity of ALGX were not affected.

Meanwhile, the wallet provider for the Algorand networkMyAlgo, has renewed warnings for users to withdraw their assets or rekey their funds to new accounts as soon as possible.

All users of MyAlgo must withdraw their funds or rekey their funds to new accounts asap! ⚠️ Don’t wait!!

Create new account:https://t.co/FhRCndPvfShttps://t.co/mj57KBg8Ml

Rekey Account Instructions:
Pera: https://t.co/PZog8fw0tO
Defly: https://t.co/PZog8fw0tO

— MyAlgo (@myalgo_) March 6, 2023

Multiple warnings have been issued on the tail end of a Feb. 19 to Feb. 21 security breach at MyAlgowhich resulted in losses of around $9.2 million.

On Feb 27, the MyAlgo team tweeted a warning of a targeted attack carried out “against a group of high-profile MyAlgo accounts” conducted over the past week.

Related: 7 DeFi protocol hacks in Feb see $21 million in funds stolen: DefiLlama

The wallet provider further stated the cause for the wallet hack was unknown and encouraged “everyone to take precautionary measures to protect their assets” by transferring funds or rekeying accounts.

Algodex, Lofty and AlgoCasino were all hit March 5th

This seems to be a little more than phishing as per experts in the field

It has been strongly advised by people smarter than me that we A) Rekey accounts B) Send tokens to a brand new non-MyAlgo wallet C) Rekey to cold wallet https://t.co/nS2frvmmyT

— AndrewW.algo (@AndrewWindmills) March 6, 2023

John Wood, chief technology officer at the networks governance body the Algorand Foundation, went on Twitter the same day, saying around 25 accounts were affected by the exploit.

“This is not the result of an underlying issue with the Algorand protocol or SDK,” he said at the time.

Related posts

Metaverse sneak peek: Project aims to build a creator-focused economy through blockchain

TechLifely

Crypto scams fall 65% after gullible noobs exit the market: Chainalysis

TechLifely

El Salvador will buy its cheapest 410 bitcoin when prices hit $36,000

TechLifely

Leave a Comment