- The value of the losses in the recent Alphapo hack has jumped from $30 million to $60 million
- The hack was initially estimated to be around $23-30 million, but $37 million more has been found to have been stolen
- On-chain sleuth ZachXBT identified the North Korea-linked hacker group Lazarus as the likely culprits
Crypto payments processor Alphapo has revealed that the total losses from a recent security breach have skyrocketed to $60 million following the discovery of further stolen funds. The hack, which targeted Tron and Bitcoin assets, was initially estimated to have cost the platform $23-30 million, but a subsequent investigation led by on-chain sleuth ZachXBT has uncovered an additional $37 million stolen by the attackers. Alphapo is yet to issue a formal update, leading to concerns from the community.
Over $23 Million Initially Thought Stolen
Alphapo, a payments processor catering to crypto-related gambling platforms like HypeDrop, Bovada, and Ignition, suffered the breach two days ago when hackers exploited the platform’s hot wallets. The attackers managed to gain unauthorized access to users’ crypto assets on various blockchains, including Bitcoin, Ethereum, and Tron, stealing $23-30 million in stablecoins, altcoins, and bitcoins. The hackers quickly converted the stolen stablecoins and tokens into over 5,730 ETH before bridging them to Avalanche and Bitcoin, making it challenging to trace the funds.
As if things weren’t bad enough already, ZachXBT revealed that an additional $37 million worth of assets have now been found to have left the platform illegally:
Hack update: An additional $37M stolen on TRON & BTC from this hack has been located.
This now brings the total amount stolen to $60M.
This hack appears to likely have been done by Lazarus as they create a very distinct fingerprint on-chain. pic.twitter.com/ACGSXiDwW3
— ZachXBT (@zachxbt) July 25, 2030
Lazarus Pinpointed
ZachXBT has pointed fingers at the notorious North Korea-linked hacker group Lazarus, citing their “very distinct” on-chain fingerprint as evidence. This group has a history of high-profile crypto hacks and was previously implicated in the $540 million heist involving the Ronin Network. Reports suggest that Lazarus has stolen approximately $1.7 billion in cryptocurrencies throughout 2022.
Alphapo took immediate action to contain the incident, and the HypeDrop team temporarily suspended the platform’s withdrawal service. They have since assured users that their funds are safe and are closely monitoring the situation. Alphapo has still yet to issue an official statement updating its users on the situation. However, HypeDrop, in a recent tweet, acknowledged that the withdrawals were being manually processed at a slow pace by Alphapo.
As a precaution, HypeDrop has enlisted the services of another payment provider to serve as a backup until the situation is resolved.
