According to Algorand developer collective D13, $8.6 million worth of cryptocurrency may have been stolen via the Algorand wallet MyAlgo.
February 27 theft advisory report
A total of 17 addresses have been confirmed compromised with at least $7.2MM stolen in $ALGO, $USDC and other assets. A further $1.4MM is suspected compromised in 4 more addresses.
D13 said it has been investigating the issue since the first day, 20th of February.
📢 PSA 🔄 #Algofam Within the past 24H, the following #Algorand addresses have been hacked or suspected so (…emptied out on changenow; most were idle for a month+)
— Algo Surf (@Algo_Surf) February 21, 2023
Totals: ~3.4M $ALGOhttps://t.co/fyGsskrAsR
357K to changenow
… 1/4
The group offered two possible explanations for this incident. It states that users may have stolen wallet seed phrases through phishing or social engineering attacks, or MyAlgo.com may have been attacked and leaked unencrypted private keys.
D13 recommended that users “rekey” their MyAlgo wallets (a process similar to changing passwords on other accounts) or move their funds elsewhere.
MyAlgo also advise users move funds out of MyAlgo mnemonic wallet
IMPORTANT: ⚠️We strongly advise all users to withdraw any funds from Mnemonic wallets that were stored in MyAlgo. As we still don't know the root cause of recent hacks, we encourage everyone to take precautionary measures to protect their assets. Thank you for your understanding.
— MyAlgo (@myalgo_) February 27, 2023