On July 22, security experts reported that at least $31 million was stolen from crypto payments platform Alphapo's Ethereum hot wallet, along with TRX and Bitcoin. The actual amount of stolen bitcoins remains uncertain, and it's possible that the total stolen funds could be higher. The hack involved the funds being stolen on the Ethereum network, then exchanged for ETH and transferred to the Avalanche and Bitcoin blockchains. The incident is suspected to be caused by leaked private keys, but investigations are still ongoing.
Alphapo is known as a payment processor offering instant transactions in over 30 digital assets and balances in various fiat currencies. It acts as an encrypted gateway for several gambling platforms, including HypeDrop, Ignition, and Bovada. After the hack, HypeDrop, a client of Alphapo, suspended processing encrypted transactions. The Mystery Box platform also reported issues with deposits and withdrawals due to the security breach. However, they assured users that their HypeDrop funds were safe and would be credited accordingly once the cryptocurrency provider resumes operations.
While a spokesperson for Alphapo did not directly comment on the incident, they informed that deposits and withdrawals of bulk currencies would resume in due course. They also advised users not to send funds to old deposit addresses, but any funds mistakenly sent to the se addresses would undergo additional verification.
In a separate security incident, decentralized finance protocol Conic Finance experienced two attacks within a short span. The first attack resulted in the theft of $3.26 million in ether, with almost the entire amount being sent to an Ethereum address in a single transaction. A post-mortem report revealed that a second attack occurred hours later, involving a variant of a sandwich attack on its mining pool, leading to the attackers obtaining approximately $300,000.
