Tom Blackstone5 hours agoAlphapo payment provider hack now estimated at over $60M — ZachXBTThe on-chain sleuth ZachXBT claims to have found an additional $37 million in losses suffered from the unconfirmed attack.2129 Total views14 Total sharesListen to article 0:00NewsJoin us on social networksThe alleged Alphapo payments provider hack of July 23 is now estimated to have caused losses exceeding $60 million, according to a July 25 report from on-chain sleuth ZachXBT. The loss was previously reported at roughly $31 million.Hack update: An additional $37M stolen on TRON & BTC from this hack has been located.
This now brings the total amount stolen to $60M.
This hack appears to likely have been done by Lazarus as they create a very distinct fingerprint on-chain. pic.twitter.com/ACGSXiDwW3— ZachXBT (@zachxbt) July 25, 2023
Alphapo is a centralized crypto payment provider for e-commerce subscription services, gaming sites and other online businesses. It’s known as the provider for mystery box platform HypeDrop and gambling sites Bovada and Ignition. On July 23, security experts began reporting that the site’s hot wallets appeared to have been drained of at least $21 million, with some sources reporting that the losses exceeded $31 million.
At the time, Alphapo did not comment on the alleged hack, but it did tell Cointelegraph that deposits and withdrawals were being reinstated at new addresses. The team said funds deposited to old addresses will be “additionally verified.” HypeDrop confirmed that its payment provider was “experiencing issues” that were causing withdrawals to be delayed but that withdrawals would be reinstated once the issue was resolved.
Related:Curve omnipool platform Conic Finance hacked for $3.2M in ETH
Neither company confirmed that the issues were caused by a hack, but security researchers have argued that the large outflows from known hot wallets, combined with stalled withdrawals, imply that the funds may have been moved by an attacker.
The new report from ZachXBT identifies an additional $37 million allegedly drained from the old addresses on the Tron and Bitcoin networks, bringing the total to more than $60 million in losses. Citing data from Dune Analytics, the on-chain sleuth argued that the Lazarus Group may be behind the attack:“This hack appears to likely have been done by Lazarus as they create a very distinct fingerprint on-chain.”
The Lazarus Group is a cybercrime group first identified by a consortium of security researchers led by Novetta in 2014. The group is believed to have ties to the government of North Korea.
Alphapo is not the only centralized crypto provider to have suffered mysteriously large withdrawals in July. On July 7, cross-chain bridging protocol Multichain suffered over $100 million in unexplained withdrawals. On July 14, the Multichain team announced that it would stop operations after revealing that these withdrawals had been caused by an attacker accessing the protocol’s private keys through a cloud storage service.# Blockchain# Business# Decentralization# GamblingAdd reactionAdd reactionRelated NewsWhat are NFT royalties, and how do they work?AI and dot-com bubble share some similarities but differ where it countsZero-knowledge tech development heats up amid bear marketItaly’s central bank calls for framework to prevent stablecoin runsUniversities use blockchain-based storage to protect and democratize dataEnterprise blockchain: ‘Ethereum for Business’ explains key use cases