On Monday evening, the Twitter account Algo Surf reported that several Algorand accounts had been hacked, with at least three users losing significant amounts of funds. The value of the hacked ALGO amounts to over $1 million USD, with one user losing over 1.2 million ALGO, or roughly $350,000 USD.
📢 PSA 🔄 #Algofam Within the past 24H, the following #Algorand addresses have been hacked or suspected so (…emptied out on changenow; most were idle for a month+)
Totals: ~3.4M $ALGOhttps://t.co/fyGsskrAsR
357K to changenow
… 1/4
— Algo Surf (@Algo_Surf) February 21, 2023
265'000 #ALGO
3PLI5DQRPE3WJBXK7IWYKB7CR3K76QNYAFPBVOGBBWY2TJG7KPWRIJIC4Ahttps://t.co/T9VEThFZ2g
Hacker
5B3XO2LKOPPEBSNB436VUSYMR67O6NNNXHDN2OC2YYZIUHNOESBGWK3J4QNEED HELP#Hacking
— MD B♡B (@bobtessier) February 20, 2023
Algorand user reporting they have been hacked on Hackforums:
What is Algorand?
Algorand (ALGO) is a digital currency and blockchain platform that facilitates the processing of numerous transactions, much like established payment processors such as Mastercard or Visa. Algorand can also host other cryptocurrencies and blockchain-based projects, positioning it as a direct competitor to Ethereum. The platform’s native currency, ALGO, is utilized to secure the Algorand blockchain and cover processing fees for Algorand-based transactions.
Algorand operates as an open-source blockchain, which means that anyone can access and contribute to the platform’s code. The platform employs a unique operating protocol known as pure proof-of-stake (PoS), which selects network validators from a pool of users.
Silvio Micali, a renowned cryptographer, and professor at the Massachusetts Institute of Technology founded the Algorand platform and its accompanying cryptocurrency in 2017. The total supply of ALGO is restricted to 10 billion coins, and approximately 7 billion ALGO are currently in circulation.
Large deposits leading to ChangeNow exchange
The non-custodial exchange ChangeNow saw its largest influx of ALGO ever on February 20th, including some large deposits leading back from the hacked wallets.
Algo Surf suggested in their Twitter thread that the hack may have been related to an iPhone exploit, which was supposedly patched on iOS last week. However, it is still unclear if this is the definite exploit used in these malicious attacks.
Practice safe centralized exchange (CEX) usage
Algorand users are advised to take several precautions to keep their ALGO safe. These include never sharing their 25-word seed phrase with anyone, creating a new wallet and transferring funds if they suspect their account has been compromised, being careful when using dApps and not opting into smart contracts that they don’t fully trust, and being cautious when accessing websites in the ecosystem, as phishing sites may be promoted.
Users are also advised never to store their seed phrase digitally, always use two-factor authentication whenever possible, and use a separate phone or computer to handle their crypto-related interactions, keeping it up-to-date and free of any suspicious apps or programs.