On Monday evening, the Twitter account Algo Surf reported that several Algorand accounts had been hacked, with at least three users losing significant amounts of funds. The value of the hacked ALGO amounts to over $1 million USD, with one user losing over 1.2 million ALGO, or roughly $350,000 USD.
357K to changenow
— Algo Surf (@Algo_Surf) February 21, 2023
— Rob Tessier (@bobtessier) February 20, 2023
Algorand user reporting they have been hacked on Hackforums:
What is Algorand?
Algorand (ALGO) is a digital currency and blockchain platform that facilitates the processing of numerous transactions, much like established payment processors such as Mastercard or Visa. Algorand can also host other cryptocurrencies and blockchain-based projects, positioning it as a direct competitor to Ethereum. The platform’s native currency, ALGO, is utilized to secure the Algorand blockchain and cover processing fees for Algorand-based transactions.
Algorand operates as an open-source blockchain, which means that anyone can access and contribute to the platform’s code. The platform employs a unique operating protocol known as pure proof-of-stake (PoS), which selects network validators from a pool of users.
Silvio Micali, a renowned cryptographer, and professor at the Massachusetts Institute of Technology founded the Algorand platform and its accompanying cryptocurrency in 2017. The total supply of ALGO is restricted to 10 billion coins, and approximately 7 billion ALGO are currently in circulation.
Large deposits leading to ChangeNow exchange
The non-custodial exchange ChangeNow saw its largest influx of ALGO ever on February 20th, including some large deposits leading back from the hacked wallets.
Algo Surf suggested in their Twitter thread that the hack may have been related to an iPhone exploit, which was supposedly patched on iOS last week. However, it is still unclear if this is the definite exploit used in these malicious attacks.
Practice safe centralized exchange (CEX) usage
Algorand users are advised to take several precautions to keep their ALGO safe. These include never sharing their 25-word seed phrase with anyone, creating a new wallet and transferring funds if they suspect their account has been compromised, being careful when using dApps and not opting into smart contracts that they don’t fully trust, and being cautious when accessing websites in the ecosystem, as phishing sites may be promoted.
Users are also advised never to store their seed phrase digitally, always use two-factor authentication whenever possible, and use a separate phone or computer to handle their crypto-related interactions, keeping it up-to-date and free of any suspicious apps or programs.