A recent report by on-chain sleuth ZachXBT reveals that the July 23 hack of payment provider Alphapo resulted in estimated damages of more than $60 million, surpassing the previously reported losses of around $31 million. Alphapo is a centralized cryptocurrency payment provider used by e-commerce subscription services, gaming sites, and other online businesses. Notably, it provides services to the mystery box platform HypeDrop and gambling sites Bovada and Ignition. Security experts initially observed the site's hot wallet being drained of at least $21 million, with some sources suggesting losses exceeding $31 million.
Although Alphapo did not comment on the alleged hack at the time, it did announce that it was resuming deposits and withdrawals to new addresses, while deposits to old addresses would require additional verification. HypeDrop acknowledged that its payment provider was experiencing an issue affecting withdrawals, which would be resolved to restore normal operations. While neither company confirmed that the problems were due to hackers, security researchers noted the significant outflow of funds from known hot wallets and stalled withdrawals, indicating potential involvement of attackers.
The new report from ZachXBT claims that an additional $37 million was allegedly lost from old addresses on the Tron and Bitcoin networks, pushing the total loss to over $60 million. The attack has raised suspicions about the Lazarus group's involvement, as on-chain sleuths, citing data from Dune Analytics, believe the hack bears the group's unique fingerprint. The Lazarus group is a cybercrime organization with suspected ties to the North Korean government, first discovered in 2014 by a consortium of security researchers led by Novetta.
Alphapo's incident is not an isolated case, as another centralized cryptocurrency provider, Multichain, suffered large unexplained withdrawals of over $100 million on July 7. Consequently, Multichain announced its cessation of operations on July 14, attributing the withdrawals to attackers accessing the protocol's private keys through a cloud storage service. These high-profile attacks on cryptocurrency providers highlight the ongoing security challenges faced by the industry and the need for robust measures to protect users' assets.




















