Alphapo, a cryptocurrency payment service provider, has reportedly lost more than $60 million after a major security breach within a hot wallet, with some reports suggesting total losses could reach around $100 million. De.FiWeb3 antivirus company.
original hack Discovered Blockchain researcher ZachXBT reported on July 23 that “more than $23 million in ETH, TRON and BTC was exfiltrated from Alphapo’s hot wallet.”
Wallets belonging to Alphapo were reportedly hacked across multiple platforms and the stolen funds were distributed across various Externally Owned Accounts (EOAs).
Posted by ZachXBT update In response to the investigation on July 25, he commented as follows.
“This hack uncovered an additional $37 million stolen in TRON and BTC.
This brought the total amount stolen to $60 million.
It seems likely that this hack was done by Lazarus as it creates a highly distinctive fingerprint on-chain. ”
attack in progress
according to reports De.Fi, Alphapo, a Web3 antivirus, is a key pipeline for processing payments for gambling services such as HypeDrop, Bovada, and Ignition. Following this breach, one of Alphapo’s customers, his HypeDrop, had to quickly suspend its withdrawal services.
in the statement liberated HypeDrop reassured users on July 23 that “even if payments are impacted, your funds are safe.” The company also said it is actively monitoring the situation and will provide updates as more information becomes available.
advertise later Has been updated As stated by the user,
“Your HypeDrop funds are safe, but something went wrong with your cryptocurrency provider.
Once the provider resumes operations, the processing deposit will be credited accordingly. ”
The compromised wallet, known as Alphapo.eth, had its funds converted to Ethereum (ETH) by hackers. The funds were then sent through various channels such as Avalanche and Bitcoin. Evidence from Etherscan transaction records shows a consistent outflow of funds from Alphapo.eth wallets. Initial estimates put the value of the stolen tokens at around $31 million.
The attackers involved in this incident are reportedly associated with addresses ‘0x6d2e8’, ‘0x040a9’, ‘TDoNAZ’ and ‘TKSitn’.
The consensus among the cybersecurity community is that the investigation into the Alphapo incident is still ongoing.
Preliminary indications from De.Fi suggest that compromised private keys may be a potential source of compromise.
The exact amount of Bitcoin stolen remains unconfirmed outside of De.Fi and ZachXBT predictions. However, over $60 million has been uncovered as of this writing.