Algorand-based wallet provider MyAlgo has again urged users to withdraw their funds after a February security breach which doesn’t appear to have been resolved.
Meanwhile, decentralized exchange Algodex has revealed a malicious actor infiltrated a company wallet on March 5 in what “appears to be similar to what is currently happening in the Algorand ecosystem,” it said in a tweet.
In a March 6 post, Algodex explained that a malicious actor infiltrated a company wallet during the early hours of the previous morning.
Algodex took precautions before the attack, including moving the bulk of its USD Coin (USDC) and native Algodex (ALGX) tokens to secure locations.
However, the infiltrated wallet was tied to Algodex’s liquidity rewards program and was responsible for providing extra liquidity to the ALGX token.
“This resulted in the malicious actor being able to remove the Algo and ALGX in the Tinyman pool created by us to provide additional liquidity to the ALGX token,” Algodex said.
The exchange noted that $25,000 in ALGX tokens allocated to provide liquidity rewards were taken but said it would replace this in full.
It added that the total loss from the theft was less than $55,000, but Algodex users and the liquidity of ALGX were not affected.
Meanwhile, the wallet provider for the Algorand network, MyAlgo, has renewed warnings for users to withdraw their assets or rekey their funds to new accounts as soon as possible.
Multiple warnings have been issued after a Feb. 19–21 security breach at MyAlgo, which resulted in losses of around $9.2 million.
On Feb. 27, the MyAlgo team tweeted a warning of a targeted attack carried out “against a group of high-profile MyAlgo accounts” conducted over the past week.
The wallet provider further stated the cause for the wallet hack was unknown and encouraged “everyone to take precautionary measures to protect their assets” by transferring funds or rekeying accounts.
John Wood, chief technology officer at the networks governance body, the Algorand Foundation, went on Twitter the same day, saying around 25 accounts were affected by the exploit.
“This is not the result of an underlying issue with the Algorand protocol or SDK,” he said.