Several high-profile MyAlgo wallet users have lost their funds in a targeted attack, according to a tweet from MyAlgo on February 26. MyAlgo is a web-based interface that allows users to access and manage their Algorand assets, a cryptocurrency platform that aims to create a borderless economy.
According to MyAlgo, the attacked users had significant funds in their accounts and were using mnemonic wallets with the key stored in the browser. None were using hardware wallets, which are more secure devices that store private keys offline.
MyAlgo stated that they use state-of-the-art encryption and undergo security audits regularly. They also said that they have been advocating for the use of hardware and multisig wallets since the inception of their platform.
However, they admitted that private keys stored in browsers are vulnerable to malware and phishing attacks, especially on everyday devices. They encouraged users to avoid storing large amounts of funds in hot wallets (mnemonic) and to use hardware wallets instead to protect their funds, especially for long-term staking.
Alerting users
The firm also noted that they have communicated with the affected victims since the attack happened to identify the root cause of it. They also said that they would continue to work closely with the authorities and carry out a thorough investigation.
They advised all users to withdraw any funds from mnemonic wallets stored in MyAlgo as a precautionary measure. Adding that they will be working on changes to the user experience of MyAlgo to help promote the implementation of best practices to protect funds.
This event serves as a reminder of the crypto industry’s risks and challenges. Cyber attacks in the crypto industry continue to grow in number and sophistication, targeting not only crypto exchanges but also DeFi protocols, bridges, and social media platforms.
In 2022, DeFi protocols were the target of some of the most significant crypto breaches, including the $625 million theft from the Ronin network used by the video game Axie Infinity on March 1. Recent investigations have linked some of these crimes to hackers with ties to North Korea.
