According to a source familiar with the matter, Algo Capital reported to its limited partners Friday that Pablo Yabo, its CTO, had his mobile compromised which allowed attackers to seize control of an Algo hot wallet administered by Yabo. As a result of the breach, roughly $1 million to $2 million in the cryptocurrencies were taken.
“Yes, there was a security breach,” CEO David Garcia told in an email. “We communicated to all the Algo Capital VC Fund Limited Partner’s and updated them about the incident.”
The network itself remains unscathed. The Algorand team is aware of the breach suffered by the investment firm, the source said.
Algo Capital has raised $200 million for its Algo VC Fund, with the cash intended to support projects in the Algorand economy. Algo Capital founder and managing partner Arul Murugan said in an August 2019 statement that:
“Our investment approach specifically targets companies that are creating the next great blockchain applications and infrastructure solutions, and as a result, helping to speed blockchain adoption and bring millions of new users into the Algorand network.”
The investment firm is a separate entity from the Algorand Foundation and Algorand LLC, which oversee the blockchain’s actual development. Pablo Yabo has resigned his position, according to the email sent to partners. Further security measures have been taken by the firm. The majority of the firm’s funds were held in cold wallets that were not compromised.
The firm is taking full responsibility for the loss and committed to reimburse the full amount within 20 months. “We are engaging with certain key organizations and security services to collaborate and address this issue which has become a common industry problem,” Garcia wrote.
The Algorand blockchain itself was first envisioned by MIT professor Silvio Micali in 2017 as a possible solution to the scaling issues other blockchains face. Under its consensus mechanism, the network randomly selects the machines which add the next blocks to the blockchain, as a variant of the proof-of-stake mechanism.