In the earlier hours of today, the Twitter account of blockchain security firm “Peckshield Alert” sounded an alert to the crypto community that one of the corporate wallets of the decentralized limit order exchange on Algorand, Algodex, had been infiltrated by a malicious actor.
#PeckShieldAlert @AlgodexOfficial reported that a malicious actor infiltrated 1 of their corporate wallets (w/s ~55k)
The exploit seems to share similarities with the ongoing incidents in the #Algorand ecosystem@myalgo_ alerted users to withdraw funds/rekey funds to new account https://t.co/G7nhlzMebF— PeckShieldAlert (@PeckShieldAlert) March 7, 2023
In light of this, Algorand wallet provider MyAlgo issued a dire warning to its users to withdraw their funds or rekey their funds to new accounts as soon as possible, telling them not to wait.
All users of MyAlgo must withdraw their funds or rekey their funds to new accounts asap! ⚠️🚨 Do not wait!!
Create new account:https://t.co/FhRCndPvfShttps://t.co/mj57KBg8Ml
Rekey Account Instructions:
Pera: https://t.co/PZog8fw0tO
Defly: https://t.co/PZog8fw0tO— MyAlgo (@myalgo_) March 6, 2023
Algodex’s official Twitter account recounts what happened. It stated that early on March 5, 2023, one of its corporate wallets was infiltrated by a malicious actor. This attack, it says, appears to be similar to what is currently happening in the Algorand ecosystem.
Everyone,
Early on March 5, 2023, one of our company wallets was infiltrated by a malicious actor. This attack appears to be similar to what is currently happening in the #Algorand ecosystem.
A thread 👇
— Algodex (@AlgodexOfficial) March 6, 2023
The infiltrated wallet was tied to its liquidity rewards program for users of Algodex and for providing liquidity on “Tinyman,” a decentralized trading protocol on the Algorand blockchain.
Speaking on the losses, it says the impact was not material, but ALGX tokens valued at about $25,000 earmarked to provide liquidity rewards to users of Algodex were stolen. It promises to replace this in full.
Also, ALGX and ALGO tokens valued at over $30,000 were removed from the Tinyman DEX. According to it, the total loss from the theft was less than $55,000, and the theft did not impact Algodex, any Algodex users, or the liquidity of ALGX on Algodex.
Algorand CEO comments on Algorand thefts
In a Twitter thread, Algorand Foundation CEO Staci Warden spoke on the action taken by the protocol in wake of the recent thefts happening in the Algorand ecosystem. She reassures users once more that it is not the protocol and further adds, “It’s also not phishing as we first maybe thought.”
Everyone or almost everyone is impacted. This “person” (l will refrain from other words that come to mind) is moving balances from highest to lowest out of myalgo wallet. We are trying to help Rand Labs figure out where was the vulnerability, but honestly they still have no idea.
— staci.algo (@StaciW_DC) March 7, 2023
She continued, “Everyone, or almost everyone, is impacted. This person is moving balances from highest to lowest out of MyAlgo wallet. We are trying to help Rand Labs figure out where was the vulnerability, but honestly, they still have no idea.”
The Algorand Foundation CEO adds, “I have also lost funds in this, but I can’t begin to imagine the pain folks are feeling. I guess I just wanted to say something from me unofficially as well, about how sorry I am for all of our community.”
Source: https://u.today/algorands-myalgo-wallet-issues-urgent-alert-to-users-heres-reason