Azoundria: COMPLETE Another 30 minutes. Integrated the Reddit thread into the wiki. Information from about section moved to other sections. Added information on technical analysis. Integrated a few different sources into the article.

2024-02-01T19:42:55Z

COMPLETE Another 30 minutes. Integrated the Reddit thread into the wiki. Information from about section moved to other sections. Added information on technical analysis. Integrated a few different sources into the article.

Show changes

Azoundria: COMPLETE Another 30 minutes. Integrated the Reddit thread into the wiki.

2024-02-01T17:08:48Z

COMPLETE Another 30 minutes. Integrated the Reddit thread into the wiki.

← Older revision		Revision as of 11:08, 1 February 2024
Line 109:		Line 109:
	\|Reddit Post		\|Reddit Post
	\|A Reddit post advises against the typical strategy of buying and holding cryptocurrencies long-term, citing the MyAlgo wallet exploit as one potential pitfall with that strategy.		\|A Reddit post advises against the typical strategy of buying and holding cryptocurrencies long-term, citing the MyAlgo wallet exploit as one potential pitfall with that strategy.
			\|-
			\|March 9th, 2023 8:11:31 PM MST
			\|MyAlgo Recovery Fund Shot Down
			\|A Reddit post discusses the Algorand community facing a split opinion on a proposed 50 million ALGO recovery fund to assist victims of the myAlgo wallet exploit. Borderless Capital, an Algorand Venture Capital firm, suggested the fund to alleviate losses caused by the exploit<ref name=":0">[https://old.reddit.com/r/CryptoCurrency/comments/11ncykj/algorand_community_nearunanimously_disapproves_of/ Algorand community near-unanimously disapproves of a potential last-minute governance proposal for a 50M ALGO recovery fund to help offset myAlgo victims - Reddit] (Jan 31, 2023)</ref>. However, the community is near-unanimously disapproving of the proposal due to concerns about rushing into a solution without thorough evaluation. Many community members argue that changing governance in the middle of a period sets a bad precedent and could lead to unintended consequences. Some express worries about funding attackers and suggest waiting for more information before making a decision. Overall, the community emphasizes the importance of a rational approach to address the aftermath of the exploit without exacerbating the situation<ref name=":0">[https://old.reddit.com/r/CryptoCurrency/comments/11ncykj/algorand_community_nearunanimously_disapproves_of/ Algorand community near-unanimously disapproves of a potential last-minute governance proposal for a 50M ALGO recovery fund to help offset myAlgo victims - Reddit] (Jan 31, 2023)</ref>.
	\|-		\|-
	\|March 18th, 2023 9:01:42 AM MDT		\|March 18th, 2023 9:01:42 AM MDT

Azoundria: Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/myalgowebwalletjavascriptcdnexploit.php}} {{Unattributed Sources}} MyAlgo Wallet Homepage/LogoWeb-based wallet MyAlgo users found that their assets were being removed from their wallets starting in February 2023. The exploit remained unknown until April 2023, at which time it was revealed that malicious JavaScript code must have been injected on January 21st. The total lo..."

2024-01-18T20:36:38Z

Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/myalgowebwalletjavascriptcdnexploit.php}} {{Unattributed Sources}} thumb|MyAlgo Wallet Homepage/LogoWeb-based wallet MyAlgo users found that their assets were being removed from their wallets starting in February 2023. The exploit remained unknown until April 2023, at which time it was revealed that malicious JavaScript code must have been injected on January 21st. The total lo..."

New page

{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/myalgowebwalletjavascriptcdnexploit.php}}
{{Unattributed Sources}}

[[File:Myalgo.jpg|thumb|MyAlgo Wallet Homepage/Logo]]Web-based wallet MyAlgo users found that their assets were being removed from their wallets starting in February 2023. The exploit remained unknown until April 2023, at which time it was revealed that malicious JavaScript code must have been injected on January 21st. The total losses have been estimated at $9.6m and investigation remains ongoing.

This is a global/international case not involving a specific country.<ref name="reddit-12842" /><ref name="coindesk-12843" /><ref name="reddit-12844" /><ref name="redditold-12845" /><ref name="cointelegraph-12846" /><ref name="myalgotwitter-12847" /><ref name="halbornsecuritytwitter-12848" /><ref name="coinspectmedium-12849" /><ref name="wallet-12850" /><ref name="walletarchive-12851" />

== About MyAlgo Web Wallet ==
"MyAlgo, a native wallet for the Algorand blockchain network, has advised users to withdraw funds after it was struck by an exploit last week."

"Blockchain sleuth ZachXBT said that 19.5 million ALGO and 3.5 million USDC worth $9.6 million have been stolen and that centralized exchange ChangeNow has frozen $1.5 million."

"We strongly advise all users to withdraw any funds from Mnemonic wallets that were stored in MyAlgo," MyAlgo confirmed in a tweet.

John Woods, chief technology officer of the Algorand Foundation, said that 25 wallets have been affected and that the exploit is "not the result of an underlying issue with the Algorand protocol or SDK (software development kit)."

"I haven’t seen many posts about this on CT yet but it’s suspected over $9.2m (19.5M ALGO, 3.5m USDC, etc) has been stolen on Algorand as a result of this attack from Feb 19th to 21st."

"Algorand-focused developer collective D13.co released a report on Feb. 27 that eliminated multiple possible exploit vectors such as malware or operating system vulnerabilities.

The report determined the “most probable” scenarios were that the affected users’ seed phrases were compromised through socially engineered phishing attacks or MyAlgo’s website was compromised, leadin to the “targeted exfiltration of unencrypted private keys.”

MyAlgo stated it would continue to work with authorities and would conduct a “thorough investigation to determine the root cause of the attack.”"

"I know this is not much to most of you but I put a good amount of my savings in ALGO because I love the tech behind it and believed it is the future.

Now I know it was a third-party wallet that was hacked but the lack of information around the cause of hack and how it was performed does not instill confidence at all in the algorand community and team.

It reeks of incompetence when I read the cause of the hack is still unknown. This has shaken up my confidence in Algorand and crypto in general."

"As I have been very active on this sub during most of the bear market, I obviously also saw what kind of advices were the most present on this sub from us bear market survivors. While “DCA“ may take the inevitable crone there also were calls to basically just buy your Crypto (or even DCA) and then completely forget about it to come back during a bull run for inevitable gains, right?

Now I know why this is seen as a pretty popular theory as many people from the past basically did that. Someone from 2012 bought Bitcoin and then forgot about it until 2021 to become a millionaire. The problem here is that times have completely changed."

"Attackers abused the CDN, to inject malicious code through a man-in-the-middle attack between the actual http://wallet(.)myalgo(.)com webapp and the user."

"It's unclear how the CDN API key was obtained.

- No evidence of exploitation or vulnerability was found in MyAlgo codebase

-No evidence that the CDN user account was compromised."

"The audit logs cover 18 months, while the impacted account is 19 months old. Interestingly the account was never used until October 2022 (6 months ago). This raises the unlikely possibility that either logs are missing or the API key was obtained 19 months ago, evading the logs"

"The malicious worker (which targeted a specific version of MyAlgo) was uploaded on January 21st, and the attack continued until mid-February when a new version of MyAlgo was released."

"It is important to note that law enforcement and security/forensics professionals will continue investigating, gathering more information that will help shed light on the details of the attack."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

* Known history of when and how the service was started.
* What problems does the company or service claim to solve?
* What marketing materials were used by the firm or business?
* Audits performed, and excerpts that may have been included.
* Business registration documents shown (fake or legitimate).
* How were people recruited to participate?
* Public warnings and announcements prior to the event.

Don't Include:
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

== The Reality ==
This sections is included if a case involved deception or information that was unknown at the time. Examples include:

* When the service was actually started (if different than the "official story").
* Who actually ran a service and their own personal history.
* How the service was structured behind the scenes. (For example, there was no "trading bot".)
* Details of what audits reported and how vulnerabilities were missed during auditing.

== What Happened ==
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
{| class="wikitable"
|+Key Event Timeline - MyAlgo Web Wallet JavaScript CDN Exploit
!Date
!Event
!Description
|-
|January 21st, 2023
|Malicious Worker Uploaded
|The apparent time when the malicious worker was uploaded to affect certain version of the MyAlgo wallet.
|-
|February 19th, 2023
|First Wallet Drained
|The first MyAlgo wallets are drained of funds.
|-
|February 27th, 2023 5:38:00 AM MST
|Tweet Warning From MyAlgo
|MyAlgo shares a tweet to strongly advise users to withdraw any funds stored with a mnemonic generated from the MyAlgo wallet.
|-
|February 27th, 2023 6:13:00 PM MST
|ZachXBT Analysis
|ZachXBT shares his analysis of transactions and reports that he suspects the drainign of funds started on February 19th.
|-
|February 28th, 2023 5:01:00 AM MST
|CoinDesk Article
|CoinDesk reports on the MyAlgo wallet exploit.
|-
|March 6th, 2023 3:35:00 PM MST
|Funds Still Draining
|Funds are reportedly still being actively drained from MyAlgo wallets.
|-
|March 9th, 2023 11:56:33 AM MST
|Reddit Post
|A Reddit post advises against the typical strategy of buying and holding cryptocurrencies long-term, citing the MyAlgo wallet exploit as one potential pitfall with that strategy.
|-
|March 18th, 2023 9:01:42 AM MDT
|Reddit Thread
|Another Reddit thread is posted by a user concerned about the exploit still not having been determined yet. This user only lost 500 ALGO, however their faith in ALGO is permanently shaken by the experience.
|-
|March 18th, 2023 12:17:25 PM MDT
|Medium Post
|A medium post is published by CoinSpect to address several rumours and false narratives around the method of exploit.
|-
|April 21st, 2023 8:54:00 AM MDT
|Final Report Tweet
|Halborn reports on their investigation and MyAlgo shares a final tweet report about the reported exploit, which is apparently traced to a CDN exploit.
|}

== Technical Details ==
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

== Total Amount Lost ==
$9.6m or $9.2m

The total amount lost has been estimated at $9,600,000 USD.

== Immediate Reactions ==
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

== Ultimate Outcome ==
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

== Total Amount Recovered ==
There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}

{{Prevention:Individuals:End}}

== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}

{{Prevention:Platforms:End}}

== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}

{{Prevention:Regulators:End}}

== References ==
<references><ref name="reddit-12842">[https://www.reddit.com/r/CryptoCurrency/comments/11n0emz/just_buying_your_crypto_and_then_forgetting_about/ https://www.reddit.com/r/CryptoCurrency/comments/11n0emz/just_buying_your_crypto_and_then_forgetting_about/] (Mar 9, 2023)</ref>

<ref name="coindesk-12843">[https://www.coindesk.com/business/2023/02/28/algorand-wallet-myalgo-struck-by-96m-exploit/ Algorand Wallet MyAlgo Advises Users to Withdraw Funds After $9.6M Exploit] (Jan 18, 2024)</ref>

<ref name="reddit-12844">[https://www.reddit.com/r/AlgorandOfficial/comments/11uqqex/i_lost_around_500_algo_in_the_myalgo_wallet_hack/ https://www.reddit.com/r/AlgorandOfficial/comments/11uqqex/i_lost_around_500_algo_in_the_myalgo_wallet_hack/] (Jan 18, 2024)</ref>

<ref name="redditold-12845">[https://old.reddit.com/r/AlgorandOfficial/comments/11uqqex/i_lost_around_500_algo_in_the_myalgo_wallet_hack/ I lost around 500 ALGO in the myalgo wallet hack : AlgorandOfficial] (Jan 18, 2024)</ref>

<ref name="cointelegraph-12846">[https://cointelegraph.com/news/myalgo-users-urged-to-withdraw-as-cause-of-9-2m-hack-remains-unknown https://cointelegraph.com/news/myalgo-users-urged-to-withdraw-as-cause-of-9-2m-hack-remains-unknown] (Jan 18, 2024)</ref>

<ref name="myalgotwitter-12847">[https://twitter.com/myalgo_/status/1630185695791706120 @myalgo_ Twitter] (Jan 18, 2024)</ref>

<ref name="halbornsecuritytwitter-12848">[https://twitter.com/HalbornSecurity/status/1649426359016456192 @HalbornSecurity Twitter] (Jan 18, 2024)</ref>

<ref name="coinspectmedium-12849">[https://coinspect.medium.com/addressing-rumors-and-recommendations-following-the-myalgo-wallet-hack-77b249a80d18 Addressing Rumors And Recommendations Following The Myalgo Wallet Hack] (Jan 18, 2024)</ref>

<ref name="wallet-12850">[https://wallet.myalgo.com/new-account Algorand Wallet] (Jan 18, 2024)</ref>

<ref name="walletarchive-12851">[https://web.archive.org/web/20221213115514/https://wallet.myalgo.com/new-account Algorand Wallet] (Jan 18, 2024)</ref></references>

MyAlgo Web Wallet JavaScript CDN Exploit - Revision history

Azoundria: COMPLETE Another 30 minutes. Integrated the Reddit thread into the wiki. Information from about section moved to other sections. Added information on technical analysis. Integrated a few different sources into the article.

Azoundria: COMPLETE Another 30 minutes. Integrated the Reddit thread into the wiki.