Algorand Foundation, the not-for-profit organization supporting the Algorand Protocol, has released an action statement in wake of the recent exploit of the ecosystem.
Noting that it has been a truly difficult time for the Algorand community, it says the security breach has impacted several users of MyAlgo Wallet, a third-party wallet by Rand Labs.
This has been a truly difficult time for the Algorand community. The security breach has impacted a number of users of the MyAlgo Wallet, a third-party wallet by Rand Labs.
— Algorand Foundation (@AlgoFoundation) March 7, 2023
To investigate and combat this on behalf of those impacted, the Algorand Foundation says it is onboarding Halborn, a leading blockchain security firm.
It further added that it had engaged Chainalysis, a blockchain analysis firm, to help trace compromised wallet transfers and freeze funds deposited in exchanges that integrate and act upon Chainalysis data.
Additionally, it states that investigations are still ongoing with the appropriate law enforcement agencies to recover the funds that have been stolen from exchanges and partners: ChangeNow, Kucoin and Circle. All of these entities are aware of the attacker’s wallet addresses.
Those who are impacted are urged to get in touch and share information. Also, it issued a warning to users who still had assets in their MyAlgo Wallets to immediately withdraw funds to, or rekey to, newly created accounts outside of MyAlgo, or to a hardware wallet.
Algorand Foundation clarifies exploit
In a thread of tweets on March 6, the Algorand Foundation made some clarifications on the recent unauthorized access and movement of assets from selected users’ third-party wallets.
It says that due diligence was performed on the Algorand protocol and the SDK for vulnerabilities, and none were found.
Users of @myalgo_ should withdraw funds now to newly created accounts (outside of MyAlgo), or rekey to another wallet created outside of MyAlgo or to a hardware wallet.
— Algorand Foundation (@AlgoFoundation) March 6, 2023
While it remains in close contact with MyAlgo team as the investigation continues, it clarifies that MyAlgo is a third-party wallet provider and not directly associated with Algorand Inc. or the Algorand Foundation.
It relays the information provided by the MyAlgo team that security issues are yet to be identified and the platform’s audit is ongoing as it awaits data from CDNs and VPS providers.