Open source initiative


Anyone has any idea why MyAlgo is not open source? Or why MyAlgo until now still does not have rekey feature?

I believe that core projects on algorand should be open source. Mainly those heavily funded by the foundation.

Anybody is sharing the same thought?

If all people who were hacked were using myAlgo, there is huge chance that there is a XSS vulnerability there… Or all got hacked because of DNS spoofing when they were at single event… Who knows… Would love to see more insight info from @JohnWoods or someone who knows those people…


It’s partially opensrc.

The MyAlgo team are executing a forensic analysis.


Is there some way to get to the results afterwards? I use mostly and wonder if we need to take some security measures. The source is open from 2021 and it is the only wallet which allows rekeying of multisig accounts, making the account online, integrates payment gateway, supports sandbox txs and more… I wonder why it is the only wallet which does not get support from the foundation…


Is there some way to get to the results afterwards?

Absolutely, intend to share.



What kind of problem does MyAlgo Wallet have?
The tweet recommends removing funds from the wallet, why? MyAlgoWallet does not communicate account data to any server , am I wrong ?


1 Like

So far from what i see (i see only public info), is that probably someone performed dns spoofing at some conference where all whales were present (probably Decipher) and created myalgo wallet the same way as it was in original server with little modification to steal the browser data and user input. So noone noticed because everything was working and they just launched the stealing when they kind of created the system to money launder the stolen algos…

I would be looking for some common asset received in the same time in the past to claim nft or whatever at the site. I dont know the addresses from who they stole the assets, so i am just guessing here…

1 Like

Thanks Scholtz,

So MyAlgoWallet hasn’t been hacked and shouldn’t have bug(!), a simple spoofing attack.Correct ?

So the news reported by the twitter is too alarming.


I have done video on how to use multisig accounts on Algorand: Multisig algorand feature @ Niftgen

i see more hacks are still going on… for example the algodex account got hacked…

These guys put the stolen 14 goBTC and 200 eth to the landing protocol and moved all algos to the Kucoin. Is it attack on all algorand mainnet projects?

when something similar was going on on carbon credits market, there was initiative to create open registry with all stolen credits and its current location…

i believe there should be something similar on algorand. We as Aramid bridge want to have means not to transfer the stolen algos or other tokens to other chains…

i believe that all central exchanges who care to freeze hackers assets want to do the same.

Is there something we can help with?

1 Like