MyAlgo security warning

  • Updated

IMPORTANT UPDATE:
As of March 24, 2023 we have integrated Pera Wallet in the Explorer as the new (and only!) opt-in method within our ecosystem.
If you wish to

  1. join the HODLER program
  2. join the Loyalty program
  3. buy a sensor/license discount voucher from our Marketplace
    you can do so by using Pera Wallet.


Pera Algo Wallet also supports accounts backed by a Ledger hardware wallet.

On March 6, 2023 a large-scale incident targeting MyAlgo accounts took place. Unauthorized access and movement of assets has been documented by the community all across the Algorand space.

As a precautionary measure to prevent further attacks, MyAlgo has requested all its users to either withdraw or rekey their funds to new accounts (outside of MyAlgo). See full statement here.

Following this incident, Algorand Foundation issued a statement reassuring that “the Algorand protocol is robust and secure, and has not been compromised”. See full statement here.

The investigation is still ongoing. However, based on what has been disclosed, no hardware wallets are not known to have been affected.

For more information on wallet security, refer to Algorand Foundation’s CTO, John Woods, recently recorded video.

Meanwhile, many scams have already been reported involving fake MyAlgo accounts and other service providers’ impersonations. Please be mindful that there will always be people trying to exploit such situations. At times like this, one can never be too cautious. This being said, do not, by any chance, provide personal information that could give someone else access to your wallets. 

 

At PlanetWatch we prioritize security above all else. Our tech team works hard every day to ensure you are safe within our ecosystem. Therefore, in the light of the recent events with MyAlgo, our focus is to help you keep yourself protected. Below we list all known options at hands. You should make your own assessment and act according to what serves your best interest based on your specific circumstances.

 

If you’ve ever used any of your accounts on MyAlgo, and unless you have a ledger wallet, our recommendation is for you to:

1. First, protect your funds

2. Make your HODLER commitment safe

3. Use a secure route to claim any Loyalty perks

4. Change your sensors’ wallets to be precautious 

To keep the functionality of the Ledger opt-in, the MyAlgo opt-in will remain active on our Explorer. However, we specifically advise you to use MyAlgo only with Ledger going forward and not create or opt-in regular Algo wallets with MyAlgo anymore. Please note that this is an informative take, not an endorsement to Ledger in detriment of other solutions.

 

PLANETS

If you’ve ever used any of your accounts on MyAlgo, you should carefully look into options to safeguard your ASAs:

- Move your funds to a new wallet outside of MyAlgo

OR

- Rekey your wallet to a wallet you deem safe

OR

- Use a Ledger wallet

 

HODLER PROGRAM

If you’ve ever used any of your accounts on MyAlgo, you should carefully look into options to safeguard your HODLER balance:

- Create/Recover a safe wallet of your choice in the PlanetWatch App by moving a sensor onto it (this will make that wallet appear in the MyWallet section in the Explorer and it can then be chosen as a staking wallet) 

OR

- Rekey your wallet to a wallet you deem safe

OR 

- Use a Ledger created wallet via MyAlgo (for the time being, you can use a Ledger wallet as a staking wallet only via MyAlgo opt-in and rely on the safety of that hardware wallet).

 

LOYALTY PROGRAM

  • If you have already joined the Loyalty Program, you should carefully look into options to secure the wallet where you keep your membership discount/badge NFTs:

- Move your assets to a new wallet outside of MyAlgo

OR

- Rekey your wallet to a wallet you deem safe

  • If you wish to join the Loyalty Program, for the time being and while we come up with an alternative opt-in method, only do it in case you have a Ledger wallet.

 

VOUCHER MARKETPLACE  & TREE NFT’s

  • If you have already purchased a sensor/license discount voucher or a tree NFT on our Explorer Marketplace, you should carefully look into options to secure the wallet where you keep your discount vouchers and tree NFTs:

- Move your assets to a new wallet outside of MyAlgo

OR
- Rekey your wallet to a wallet you deem safe

  • If you want to buy a sensor/license discount voucher, for the time being and while we come up with an alternative opt-in method, only do it in case you have a Ledger wallet.

For your convenience, all licenses expiring between February 14, 2023 to April 30, 2023 have been automatically extended for an additional 30 days.

 

SENSORS

Your sensors’ NFTs are not at risk as they are frozen in your wallet and can not be moved without systemic consent. You can only move the sensor and license NFT by changing the wallet in the PlanetWatch App. 

However, as the sensor wallet is the one that gets the daily rewards, if you’ve ever used it on MyAlgo, you should carefully look into options to secure it:

- Rekey your wallet to a wallet you deem safe (bear in mind that rekeying is signing over the authority and keeping the original address, which means you don’t need to move any assets)

OR

- Create/Recover a safe wallet of your choice in the PlanetWatch App and then move your sensor onto it

Please beware that, as MyAlgo stated, "importing the same 25 words you had in MyAlgo to a new wallet is not safe - only use a Ledger or new account that has never been in MyAlgo".

 

RESOURCES

- Algorand Rekeying
PDF

Blog

- Pera Algo Rekeying instructions 

Pera Algo Web

Pera Algo App

- Defly App Rekeying instructions

 

PlanetWatch Support 

 

FAQs

After rekeying my staking wallet, do I need to do something else to keep receiving my bonus rewards from the HODLER program?

A: No. As rekeying does not change the original wallet address, there is no other action required for you to keep being part of the HODLER program. Just make sure your new wallet (to which you have rekeyed your staking wallet to) is safe as it now holds the execution authority.

 

Will my previous HODLER bonus rewards be lost if I change the staking wallet?

A: No. Your HODLER bonus rewards won’t be lost, they will continue to be accumulated in the new staking wallet. Changing the staking wallet doesn’t affect your eligibility for the whole runtime of the HODLER program (as long as you keep complying with the balance requirements).

 

I created a new wallet in the PlanetWatch App but it doesn’t appear in the MyWallet section. Why?

A: Currently, for a new wallet created in the PlanetWatch App to appear in the MyWallet section it needs to have a PlanetWatch sensor on it. 

You first need to add (create/recover) a wallet on the PlanetWatch App - regular App not the Wearable one - and then change one of your sensors’ wallet to that new wallet. 

After this, it should be visible in the MyWallet section, where you can, for example, set it as your staking wallet.

 

After rekeying the wallet, I can’t see my assets on the new wallet. Why?

A: The new wallet (to which you have rekeyed your old wallet to) does not hold the assets, it only has the authority to sign all outgoing transactions. So, your assets remain on the old wallet, the address remains the same, but the seed phrase will not work anymore on the old wallet to execute transactions. From now on, all transactions must be signed by the new wallet. 

If you want to use the old wallet for any reason, you need both seed phrases - to recover the old asset holding wallet and the new asset signing wallet.

 

If I have a wallet on the Ledger, can I use MyAlgo?

A: Yes. You can opt-in that Ledger wallet via the official MyAlgo integration and then use it like any other MyAlgo wallet with the added safety factor that you have to confirm every single action on the hardware device, which effectively means that only the person with the hardware can do it.

Does the PlanetWatch App use MyAlgo to create or store the wallets?

A: No. PlanetWatch does not use any third-party wallet solution to create wallets or store them on the App (storing is only local, we do not store the access online or on a server).
PlanetWatch has its own internal process for wallet creation and recovery from seed phrases. 

 

Does PlanetWatch’s e-commerce use MyAlgo to pay the licenses and renewals?

A: No. PlanetWatch’s e-commerce doesn’t use MyAlgo, it uses a payment gateway.


Meanwhile, we encourage you to join our Telegram and Discord groups if you have not done so already to stay up to date with the latest news and chat with fellow PlanetWatchers.

Share this article