according to some guy on algo discord, they were hosted on godaddy… other person pinpointed this article GoDaddy suffered a huge hack that saw criminals steal source code and install malware | TechRadar and i believe it sums it up…
with last 3 years someone could inject the code to their websites without them knowing, even possibly creating some proxy code so that in the web developers tools there is no suspicious traffic outside
this article was published 2 weeks back, so i assume the myAlgo is safe now (i might be wrong)
but i still believe we should create “Clean algorand iniciative” where there would be registry where any project can ask for the address and it would tell you if there are some stolen funds there… Open source initiative - #10 by scholtz It might prevent any potential hackers steal the funds or move them to algorand and wash them…