Alphapo payment provider hack now estimated at over $60M — ZachXBT
The on-chain sleuth ZachXBT claims to have found an additional $37 million in losses suffered from the unconfirmed attack.
The alleged Alphapo payments provider hack of July 23 is now estimated to have caused losses exceeding $60 million, according to a July 25 report from on-chain sleuth ZachXBT. The loss was previously reported at roughly $31 million.
Alphapo is a centralized crypto payment provider for e-commerce subscription services, gaming sites and other online businesses. It’s known as the provider for mystery box platform HypeDrop and gambling sites Bovada and Ignition. On July 23, security experts began reporting that the site’s hot wallets of at least $21 million, with some sources reporting that the losses exceeded $31 million.
At the time, Alphapo did not comment on the alleged hack, but it did tell Cointelegraph that deposits and withdrawals were being reinstated at new addresses. The team said funds deposited to old addresses will be “additionally verified.” HypeDrop confirmed that its payment provider was “experiencing issues” that were causing withdrawals to be delayed but that withdrawals would be reinstated once the issue was resolved.
Related:
Neither company confirmed that the issues were caused by a hack, but security researchers have argued that the large outflows from known hot wallets, combined with stalled withdrawals, imply that the funds may have been moved by an attacker.
The new report from ZachXBT identifies an additional $37 million allegedly drained from the old addresses on the Tron and Bitcoin networks, bringing the total to more than $60 million in losses. Citing data from Dune Analytics, the on-chain sleuth argued that the Lazarus Group may be behind the attack:
The Lazarus Group is a cybercrime group first identified by a consortium of security researchers led by Novetta in 2014. The group is believed to have ties to the government of North Korea.
Alphapo is not the only centralized crypto provider to have suffered mysteriously large withdrawals in July. On July 7, cross-chain bridging protocol Multichain . On July 14, the Multichain team after revealing that these withdrawals had been caused by an attacker accessing the protocol’s private keys through a cloud storage service.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
July 2024: Optimizing Balanced Through New Development
In July, ICON advanced its integration efforts and optimized system performance. Key achievements including completion of audits for Stellar, and contracts for Solana. Looking ahead to August we anticipate the deployment of Sui contracts to mainnet.|
MAX Score Airdrop Event Reward Allocation and Claim Guide
Dogs: There will be something for DOGS player on August 14th