- The MyAlgo team has released preliminary findings on the recent exploit.
- The attacker reportedly used a man-in-the-middle (MITM) attack to carry it out.
- The MyAlgo team also outlined the steps users should take to stay safe.
Wallet provider MyAlgo has recently described the team's ongoing efforts in response to the recent hack. In one of its latest tweets, the team released a summary of its preliminary findings. MyAlgo stressed that these findings are preliminary and that the investigation is still ongoing, so the final conclusions could change.
The initial inquiry suggests that the attackers used a man-in-the-middle (MITM) attack, abusing the content delivery network (CDN) that serves the web app to run a malicious proxy.
MyAlgo stated in the tweet:
Attackers abused the CDN delivering the web app to users, to inject malicious code through a man-in-the-middle attack between the actual http://wallet.myalgo.com web app and the user.
The malicious proxy fetched the genuine MyAlgo code, modified it into a harmful version, and served that version to the user. The injected code was designed to collect the user’s passwords and secret phrases and send them to the attacker’s server.
MyAlgo stated that the attackers still hold the private keys that were collected and can still access the funds. The team recommends the Ledger hardware wallet as the safest way to handle private keys or seeds, and it also urged users to change their MyAlgo passwords.
In the tweet thread, MyAlgo also thanked the security teams that helped with the preliminary investigation and the community for its support.
The team has identified hundreds of victims, including members of the MyAlgo team itself. It has promised to keep investigating to locate any compromised accounts and to cooperate with authorities to catch the culprit. Additionally, it will take steps to prevent stolen funds from being moved through exchanges.