Scam or legit? Algorand


Questionable project. Another cryptocurrency with blackjack and own development. Strong team and a working platform don't quite feel in tune with shady connections this project has with certain other projects. Some decisions are so ridiculous, they give us pause.

Our verdict: Questionable!



Algorand is a scalable, secure, and decentralized digital currency and transactions platform.

Actual Product

User consensus that allows to conduct even the tiniest transactions quickly and effectively - regardless of the network's overall size.


Site's real IP hidden via CloudFlare, but there is a glaring exception - the body of the site's pages shows a domain that leads to the real IP.

The site's engine is the good old WordPress. Not the oldest WP, actually the most recent: 4.9.6.

User enumeration hidden via iThemes Security with a limit on the number of unsuccessful login attempts (5). Not really a solution, just gotta change the proxy more often.

Gotta first change the standard access path to the admin panel and introduce IP limits, and can get more creative from there. Their XML-RPC Interface is also openly accessible, which is not the best idea since it can accelerate brute force attacks by orders of magnitude.

Social Media

  • Medium: 4 posts
  • Twitter: 2986 followers
  • Telegram: 12,615 members
  • Facebook: 271 likes (link to Facebook is only in their Telegram)


Silvio Micali - team leader, with more than 35 years of experience. He's a fundamental expert in cryptography, recipient of all sorts of awards, and a teacher with extensive experience. So he gathered around himself top specialists. The core of the project has strong connections with the famous MIT (Massachusetts Institute of Technology).

Sergey Gorbunov, Ph.D. in Computer Science, and Georgios Vlachos, M.Eng. in Computer Science, both published a number of pieces as co-authors of Silvio Micali.

Nickolai Zeldovich - MIT professor, high quality specialist in security and cryptography. Published prolifically and participated as an expert in many projects. TSupevised two of the team members, Derek Leung and Adam Suhl, during their studie.

Naveed Ihsanullah - got his Masters in Computer Science at Harvard University. Since 2000 came all the way from being a Web Consultant i some small company to becoming a Senior Engineering Manager for Mozilla.

David Shoots - 30 years of experience. Worked at Microsoft for 10 years as a Principal Software Engineer.

Rotem Holds - Master of Engineering and a Bachelor of Science in Computer Science from MIT. Strong specialist in cyber-security. Worked in both intelligence agencies and private sector.

Jing Chen - PhD in Computer Science from MIT. Her main research interests are distributed ledgers, game theory, and algorithms.


They mention three people, two of which are connected to the project's investors: Jamie Goldstein - Founding Partner Pillar Companies., and Albert Wenger - managing partner at Union Square Ventures. The third is Steven Kokinos, co-founder and Executive Chairman of Fuze.


The project has three types of advisers: Economic, Scientific, and Cryptocurrency. All are top specialists.

Economic and Scientific advisors mostly include MIT professors. The exceptions are Kenneth Rogoff - Professor at Harvard University, and Maurice Herlihy - Professor of Computer Science, Brown University.

From Cryptocurrency Advisors, we have to note Naval Ravikant, the co-founder of AngelList and founder of CoinList.


They have not one but 3 (!) white papers. Plus, the How It Works section of their website acts as a de facto Project Summary.

How it works

Scales to billions of users

A block is generated in two stages:

  1. User for block formation is randomly selected.
  2. Randomly selected group of users verifies the proposed block.

In both cases, the more funds a user has, the higher the chance of him being selected.

This way, the system is supposed to be scalable - nothing difficult about randomly selecting people from a list.


They guarantee that the network will work securely as long as most of the funds are owned by honest people.

This means the funds of not some special segment of users, but of all of them.

The money taken into account when selecting a user for block formation fully belong to the user and do not constitute a stake. Can be withdrawn from the wallet at any time.

No computational waste. Low transaction costs

Needless to say, such a system doesn't have any computational waste. It's not PoW. Since computational volume for block formation is more or less constant, the commission price should not gor (or grow very slowly).

No forks. Fast and final

This system cannot have a fork. More specifically, the probability of a fork is 10^{-18}. This was intended during the system's development.

They say that every new block could be immediately trusted. Blocks are generated very quickly, and all transactions in each block are final. So no need for any additional verifications.

No censorship. Transaction neutrality

Due to the random mecanism of generating blocks, transactions cannot be censored.

Algorand’s Techniques

  • Weighted users (based on the money in their account)
  • Consensus by committee (randomly selected users)
  • Cryptographic sortition (every user in the system can independently determine if they are chosen to be on the committee, user privately selected)
  • Participant replacement (as soon as a committee member sends his vote, he stops participating in the consensus algorithm)

Experimental results

The amount of computation required is minimal. Essentially, no matter how many users are present in the system, each of fifteen hundred users must perform at most a few seconds of computation

From their network's test launch, they got the following results (running on 1,000 Amazon EC2 VMs):

Algorand can confirm a 1 MByte block of transactions in ∼22 seconds with 50,000 users

From other experiments, Algorand’s latency remains nearly constant when scaling to half a million users.

General algorithm

Every user has a public key. All transactions are signed with a key.

Each round has a new block with transactions and link to the previous block.

Users communicate with each other and confirm transactions via gossip protocol.

Consensus is reached via the BA⋆ algorithm.

BA⋆ executes in steps, communicates over the same gossip protocol, and produces a new agreed-upon block.

At the same time, BA⋆ can generate two types of consensus: final and tentative.

If one user reaches final consensus, this means that any other user that reaches final or tentative consensus in the same round must agree on the same block value.

Tentative consensus happens if the algorithm cannot reach final consensus among different blocks.

Gossip protocol

This is the protocol where each user selects a small random set of peers to gossip messages to. At the same time, each message is signed with a private key. Each user cannot send the same message to the network more than once (protection from spam/flood).

Block proposal

The pool of users who can form the new block is randomly selected.

Each users gets assigned a ranking based on which one user is selected to form the block.

If that user is currently offline, the next one in the ranking gets to form the block.

Agreement using BA⋆

Each user initializes BA⋆ with the highest-priority block that they received. BA⋆ executes in repeated steps.

  1. Cryptographic sortition - each user checks if he is part of the verificator group.
  2. Broadcast - each verificator sends his verdict to all other verificators.

These steps repeat until, in some step of BA⋆, enough users in the committee reach consensus.


When the network is strongly synchronous, BA⋆ guarantees that if all honest users start with the same initial block, then BA⋆ establishes final consensus over that block and in 4 steps.

Under the same network conditions, and in the worst case of a particularly lucky adversary, all honest users reach consensus on the next block within 13 steps.

Cryptographic sortition

This is the algorithm for selecting the random pool of users based on their weights (amount of funds in their account). Randomness is generated via a publicly accessible seed. The seed published at Algorand’s current round is determined using VRFs with the seed of the previous round. Computing seed requires that every user’s secret key is chosen well in advance of the selection seed used in that round.

Sortition is implemented using VRFs (verifiable random functions). These functions return a hash and a proof. Using the hash, you can determine the selected user knowing only his key. Using the proof, you can do the same with the public key.

The algorithm itself does not protect against Sybil attacks.

During this process, the algorithm stores a minimal amount of private information, including the private key - which you don't want to show to anyone. However, it is accessible when the algorithm is open. After the verificator votes once, his key becomes accessible to everyone, but has no harm since the user is no longer voting. Regardless, publicly accessible private keys are always a problem. Looks shady.

Block proposal

One risk of choosing several proposers is that each will gossip their own proposed block. For large sized blocks, this will have a bad effect on network performance.

So they use prioritization to solve this problem.

Algorand users discard messages about blocks that do not have the highest priority seen by that user so far.

But, despite modifying the regular BA algorithm, the algorithm can be compromised by 34% malicious proposers.


The execution of BA⋆ consists of two phases. Each phase consists of several interactive steps:

  1. BA⋆ reduces the problem of agreeing on a block to agreement on one of two options. (takes two steps)
  2. BA⋆ reaches agreement on one of these options: either agreeing on a proposed block, or agreeing on an empty block. (takes two steps)

In each step, each verifier votes and all others tally the votes. Users that receive more than a threshold of votes for some value will vote for that value in the next step.

If the block proposer is honest, final consensus is reached much faster.

Besides all else, they solves problems created by the very architecture of the algorithm.



Seriously, it's simply encrypted.

Hashes are computed as follows: SHA256(SHA256(msg) || SHA256(nonce))

We can't see what's hidden behind each hash until the team wants us to.

Very original indeed. But what if the last has has a "so long, goodbye" message?

TODA's Overview

We found a connection between Algorand and a certain TODA. Let's dig into this TODA.


The TODA Protocol enables every ledger-based blockchain to scale to billions of users and handle millions of on-chain transactions per second at a near-zero cost.


Well, at least it's not spaced themed - digits instead. And they don't start flying immediately, slowly at that. Looks a bit weird with the predominantly blue color of the site.

One-pager, except the "TODA.DAY" section, with a contact form.

Use Wix as their engine.

Social Media

  • Telegram: 4,270 members
  • YouTube: 3 subscribers, 85 views, 1 video
  • Twitter: 8 tweets, 36 followers
  • Instagram: 7 posts, 39 subscribers

Executive Team

They list 6 specialists, two of which are noteworthy: Toufi Saliba and Dann Toliver, which are TODA's co-authors. Toufi actively presents at various conferences and promotes their projects.

Honorary Founding Members

Lila Tretikov - from 2014 to 2017 was the Chief Executive at Wikimedia Foundation and Wikipedia Endownment. All good, except one glaring problem: she's listed on all the sites of their projects (around 4), but doesn't associate herself with any of them in her social media accounts.

Todd Gebhart - former Co-President at McAfee and former Vice Chairman at Intel Security. In social networks, doesn't associate himself with the project, but did appear in a video on TODA.Day.

Dann Toliver and Toufi Saliba.

Silvio Micali - Ford Professor of Engineering, the recipient of the Turing Award, currently at Silvio Micali was a member of the project, the current status of which is unknown. (TODA-Algorand, the project that was supposed to have used the protocols of Toda and Algorand; CEO of TODA-Algorand was Toufi Saliba; it also included Sergey Gorbunov, another Algorand team member.)


Nothing on their site, but we found two versions of the summary: one in Toufi Saliba's github profile from June 26th, 2017; another in Dann Toliver's github profile from April 13th, 2017.

According to that summary, the TODA protocol was developed to satisfy the demand for a strong governance value exchange platform, scalable to a million transactions per second, powering billions of devices, increasing security, and lowering transaction fees.


Todatree - а virtual binary tree that contains a reference to every object in the entire system that exist.

TODAQ or Quark - the smallest Unit at the leaf's level. TodaNote = 2^32 TODAQ

TodaNote or Toda File - contains TODAQ, but the user cannot divide it, can't for example transfer 0.9 or 0.5 TodaNote, only 1 TodaNote. It's called Toda File since it is actually a file when viewed by Machine’s OS.

Each TodaNote has its own unique number that will never change. Each TODAQ also has its unique number but only within one specific TodaNote. Quark numbers are like DNA they belong to the TodaNote and can not belong to 2 TodaNotes.

Technically, the maximum number of TodaNotes = 2^63 (right now they have 2^32).

Chain of Machines/Wallets - records that note the movement of TodaNotes into a Todatree that is stored in each TodaNote.

Transaction fees and creation of new TodaNotes

Sending a transaction = 0.03%; receiving a transaction = 0.03%; plus, each transaction generates 0.04% in the system. This way, 1 TodaNote can get you about 3,333 transactions, and each new TodaNote is generated in the system after 2,500 transactions.

PoAW (Proof of Actual Work) = 0.03% + 0.03% + 0.04% = 0.1%


This tree is used as a map so Machines know how to navigate the system and where to expect objects to be. T96 level is where all Machines are at. Quarks are at the TodaTree leafs level t0 of that Machine.

However not all quarks have same value, they all depend on the provenance Branch of TodaTree.

Decentralized and Distributed Consensus Mechanism

For every TodaNote, at least 1 out of 32 managers must testify its transfer for it to be transacted and those managers must be the ones selected by the pseudorandom function so everyone knows (can compute) who they should be during a certain block.

Questions for the project

Q: "Thus, the system is assumed to be scalable - no difficulty in choosing random people from a list." Wouldn't the number of users affect how fast users are choosing for block formation? As in, there should be a pretty noticeable difference when choosing between 5,000 vs. 500,000 people, right?


Q: "If most of the funds are owned by honest users, the secure functioning of the entire system is guaranteed." Can you really consider money ownership a safer criteria than number of users? If 5 users hold 2/3 of all funds - they could easily collude. On the other hand, for 2/3 of users in a large network to collude is much more difficult.

Q: "Meaning not the funds of some special segment of users but of all the users." So what's the difference between some special group vs. just the richest users?


Q: "The money taken into consideration when choosing users for new block formation fully belong to the user and do not constitute a stake. They can be transferred out of the wallet at any time." So a user can load up the wallet with a lot of funds until he is selected for block formation, pretend to be honest for a bit of time, earn trust from other rich users who get to be verifications more often than others, and then just form one block in his favor and take all the funds? Without any limits on how many days he has to hold the funds in a wallet?


Q: Why so secretive about the roadmap?


Q: How will the nodes earn revenue? How will the team earn? Commissions? Didn't find any info.


Q: Where is info on your tokenomics and ICO?


Q: What's up with all this "toda" business? We have a number of questions about that one.


Q: Why doesn't the Toda site have the Toda whitepaper?


Q: How is Toda File protected from editing?


Q: If TODAQ belongs to the TodaNote and can not belong to another TodaNotes, so how dos one get rewarded? Do you have to gather all TODAQ in one TodaNotes?


Q: If not all quarks have the same value, how does TodaNote = 2^32 quarks?


Q: In your cache, we found that your CEO being the CEO of Toda-Algorand, and now as CEO of Toda Network. Can you explain the two names? Here are the links: (cache: ,


Q: Here too we found a connection between the two projects: (cache: cache: All cached but not in the current website version - please explain.


Q: - only 2 of the links appear to be working. What's going on here?


Q: The sites and redirect to without warning - why? Why couldn't you delete old content and create a normal redirect? Why do we have to watch the loading and takes 3-4 seconds to redirect to the ugly


Q: - another site connected to toda. Why such a zoo of sites?


Q: All of the toda sites don't show up if ad blocker is turned on. Seriously? Did you also put trackers on those sites without letting the users know?


Q: Here ( it talks about 125 billion backstopped Toda Notes (TDN)... Where did so many TDN come from? Since realistically TodaNotes are at level 32, 2^32=4,294,967,296 - where did the other 121 billion come from?


Q: We also found this:(cache: "TODAQ Financial is launching a USD-backed digital currency Toda Note (TDN) enabled by Toda protocol..." Why was this page deleted?



It's not clear-cut. The team is strong. The platform is workable and offers yet another new crypto.

They're active in social media.

Three whitepapers. Short, bigger, and then the biggest and most detailed. Mostly just repeating each other, so why bother?

Very strange connections with other projects, really crazy solutions, and a lot of questions...



Disclaimer: The above audit is not in any way financial advice or a solicitation to buy - it's merely our collective opinion that we are kind enough to share with you. Don't make us regret that.

The report is prepared in partnership with

Our links:

Comments 0