MyAlgo, a popular wallet provider for the Algorand (ALGO) network, has issued a warning to its users amid an ongoing exploit that resulted in the theft of funds worth an estimated $9.2 million. The company has advised users to withdraw funds from any wallet created with a seed phrase due to the vulnerability of such wallets to the exploit. While the company is unsure of the cause of the recent wallet attacks, it has encouraged everyone to take precautionary measures to protect their assets.

According to a MyAlgo tweet, a targeted attack was carried out against a group of high-profile MyAlgo accounts, apparently taking place over the past week. The namesake “chain detective”, ZachXBT, has described in a tweet that the exploit has stolen over $9.2 million, with crypto exchange ChangeNOW able to freeze around $1.5 million in funds.

The exploit primarily affects users who had mnemonic wallets with the key stored in an internet browser, according to MyAlgo. A mnemonic wallet typically uses 12-24 words to generate a private key. The vulnerability of such wallets to the exploit has been highlighted by the Algorand-focused developer collective D13.co, which published a report that eliminated multiple potential exploit vectors, such as malware or operating system vulnerabilities. The report determined that the “most likely” scenarios were that affected users’ seed phrases were compromised via social engineering phishing attacks or the MyAlgo website was compromised, leading to “targeted exfiltration of unencrypted private keys”.

John Wood, CTO of the Algorand Foundation, has confirmed that around 25 accounts were affected by the exploit. He added that the exploit “is not the result of an underlying problem with the Algorand protocol” or its software development kit.

MyAlgo has stated that it will continue to work with authorities and conduct a thorough investigation to determine the root cause of the attack. The company has advised its users to take precautionary measures and withdraw funds from wallets created with a seed phrase.

In conclusion, the ongoing exploit has resulted in the theft of millions of dollars in funds from the Algorand network. The vulnerability of mnemonic wallets with the key stored in an Internet browser was highlighted, and users are advised to take precautionary measures to protect their assets. MyAlgo and other relevant authorities are working to investigate the attack and determine its root cause to prevent future incidents.