Algorand facing criticism for ignoring the week-old MyAlgo wallet hack

Updated: 08 March 2023

Disclosure

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

Join Our Telegram channel to stay up to date on breaking news coverage

Over a week ago, on February 27th, wallet provider MyAlgo posted an urgent recommendation to its users, advising them to withdraw funds from Mnemonic wallets stored in MyAlgo. This was, of course, in response to the wallet drain hack that targeted the wallet users and Algorand holders.

IMPORTANT: ⚠️We strongly advise all users to withdraw any funds from Mnemonic wallets that were stored in MyAlgo. As we still don't know the root cause of recent hacks, we encourage everyone to take precautionary measures to protect their assets. Thank you for your understanding.

— MyAlgo (@myalgo_) February 27, 2023

However, Algorand itself failed to react or even acknowledge and address the issue. According to ZachXBT, the self-described “on-chain sleuth,” the project’s users have lost millions of dollars in the attack. However, Algorand continues to behave as if nothing happened, doing next to nothing to help the affected individuals.

How about you clowns actually acknowledge the on-going attack stealing millions from community members and assist them. https://t.co/yPrCS9reRH

— ZachXBT (@zachxbt) March 6, 2023

MyAlgo says that the attack’s root remains unknown

Addressing the project, ZachXBT said, “How about you clowns actually acknowledge the ongoing attack stealing millions from community members and assist them.“

MyAlgo, on the other hand, stated that the attacks’ root remains unknown, but they did issue a warning, notifying the community and proposing the course of action. According to ZachXBT, the hackers have stolen more than $9.2 million, primarily comprised of 19.5 million ALGO, with the addition of 3.5 million USDC. ZachXBT estimates that this amount was taken between February 19th and 21st.

After MyAlgo issued its initial warning, more than a week passed with Algorand failing to react. This caused ZachXBT to condemn the project for its inaction and failure to close off the hackers’ off-ramping avenues. He pointed out the project’s neglect of its own community, calling it unacceptable. He also noted that the community, himself included, was forced to share the attacker’s addresses with exchanges on their own while Algorand remained silent.

Worse than that, after collating tweets from other community members, ZachXBT was also able to confirm that the attack is still ongoing as of March 7th.

Algorand Foundation finally responds

Algorand Foundation finally admitted the problem on March 6th, when it summarized the situation. The Foundation noted that it did launch an investigation of the incident, but it revealed no protocol or software development kit flaws and vulnerabilities, insisting that the Algorand protocol remains robust and secure.

The Foundation further added that it has been in contact with the MyAlgo wallet provider, and it confirmed that it also did not find any vulnerabilities. However, since the attack did happen, and it is still happening, the inquiries are still ongoing.

Despite finally acknowledging the hack, the Algorand Foundation’s biggest move was to distance itself from the wallet. It noted that the wallet is a third-party product with no direct association with the foundation or the protocol itself. As for the users, the Foundation echoed the initial advice to withdraw or to switch to a different wallet provider or even a hardware wallet.

Smog (SMOG) - Meme Coin With Rewards

Rating