Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Algorand ecological wallet MyAlgo issued a reminder on Twitter that the hack occurred more than a week ago, and no other actions have taken place since then. The attacked users all had large amounts of funds on their accounts and used mnemonic wallets with keys stored in the browser. ZachXBT, an on-chain data analyst, tweeted: “Due to the attack on MyAlgo, Algorand’s ecological wallet, from February 19th to 21st, more than $9.2 million in assets (19.5 million ALGOs, 3.5 million USDCs, etc.) may have been stolen on Algorand. ChangeNow shared that they were able to freeze $1.5 million.” Attack method (per SlowMist): Mnemonic Vulnerability. Reported loss: $ 9,200,000.
- chain
- —
- protocol
- MyAlgo
- bug_class
- private-key
- date_occurred
- 2023-02-28
- loss_usd
- $9,200,000
- source_id
- sm:myalgo::2023-02-28