Algorand (ALGO) CTO Gives Update on Recent Exploit Impacting Multiple Accounts
Algorand CTO John Alan Woods has shared an update on the thefts reported on MyAlgo wallets in the past week.
According to Woods, the exploit, which impacted over 25 accounts, remains under investigation. However, while the investigation is ongoing, he advises MyAlgo hot wallet users to consider rekeying to a ledger or other third-party wallet as a precautionary measure.
1/n Update on the exploit impacting ~25 accounts: from our investigation, this is not the result of an underlying issue with the Algorand protocol or SDK.
— John Woods (@JohnAlanWoods) February 27, 2023
Rekeying is a feature of the Algorand blockchain that is akin to «changing passwords.»
The Algorand CTO stressed that the exploit did not result from an underlying issue with the Algorand protocol or SDK. He said that once the investigation is concluded, he will share an explainer video covering how the exploit happened and how users can safeguard themselves in the future.
Impact of Feb. 20 Algorand theft
The Algorand-focused developer collective’s Twitter account, D13.co, shared a preliminary advisory report on the Feb. 20 Algorand thefts.
Preliminary report; our views on the Algorand 20-02-2023 thefts.
We believe there is reasonable doubt about the human error interpretation, and enough cause for concern to follow @myalgo_ recommendation to move funds.
We discuss possibilities.
1/https://t.co/VBlckeg8dS
— D13.co (@d13_co) February 28, 2023
According to the report, «there is a non-zero chance of a MyAlgo wallet software compromise leading to the theft of at least $7.2 million worth of assets on the Algorand blockchain. We recommend rekeying MyAlgo accounts to fresh private keys or simply moving funds where possible.»
A total of 17 addresses were confirmed as compromised, with at least $7.2 million stolen in ALGO, USDC and other assets. A further $1.4 million was suspected to have been compromised on four more addresses.
It adds that of the 13 addresses identified on the day of the attacks as «suspicious/highly suspicious,» 12 have now been confirmed, and a further five new addresses have been confirmed so far by impacted users coming forward.
Meanwhile, four more addresses were identified by Rand Labs, bringing the total affected accounts to 25.
Bitcoin 
Ethereum 
Tether 
USDC 
Dogecoin 
Cardano 
TRON 
Bitcoin Cash 
Chainlink 
Polygon 
Litecoin 
LEO Token 
Dai 
Ethereum Classic 
Hedera 
Cosmos Hub 
Cronos 
Stellar 
Stacks 
OKB 
VeChain 
Maker 
Monero 
Theta Network 
Algorand 
NEO 
Gate 
KuCoin 
Tezos 
EOS 
Synthetix Network 
IOTA 
Tether Gold 
Bitcoin Gold 
TrueUSD 
Enjin Coin 
Zilliqa 
Holo 
0x Protocol 
Ravencoin 
Siacoin 
Qtum 
Basic Attention 
Zcash 
Dash 
NEM 
Decred 
Ontology 
Lisk 
Waves 
ICON 
DigiByte 
Status 
Pax Dollar 
Numeraire 
Nano 
Steem 
Hive 
Huobi 
OMG Network 
BUSD 
Ren 
Bitcoin Diamond 
Bytom 
Kyber Network Crystal Legacy 
HUSD 
Energi 
Augur 