$60M crypto heist hits Alphapo, Lazarus Group suspected

According to on-chain sleuth ZachXBT, crypto payment provider Alphapo’s losses now exceed $60m, a significant increase from initially reported $31m.

Hacker behind the screen

In the shadowy world of cryptocurrency, another heist has left its mark. Alphapo, a centralized crypto payment provider for e-commerce subscription services, gaming sites, and other online businesses, has reportedly been hit by a hack that has left a gaping hole of over $60 million. This figure, brought to light by on-chain detective ZachXBT, is a significant leap from the initial estimates of $31 million.

Alphapo, known for its partnership with the mystery box platform HypeDrop and gambling sites Bovada and Ignition, found itself in the crosshairs of alleged hackers on July 23. Initial reports suggested that the company's hot wallets were drained of at least $21 million, with some sources claiming the figure to be over $31 million.

In the wake of the alleged hack, Alphapo remained tight-lipped, only stating that deposits and withdrawals were being reinstated at new addresses. Meanwhile, HypeDrop confirmed that its payment provider was "experiencing issues" that were causing withdrawals to be delayed.

The plot thickened when ZachXBT, using data from Dune Analytics, identified an additional $37 million allegedly drained from the old addresses on the Tron and Bitcoin networks. This revelation pushed the total estimated losses to over $60 million.

The twist in the tale? The Lazarus Group, a cybercrime group with alleged ties to the North Korean government, is suspected to be the mastermind behind the attack. Known for leaving a "very distinct fingerprint on-chain," the group has been in the crosshairs of security researchers since 2014.

Alphapo's ordeal is not an isolated incident in the crypto world. Earlier in July, the cross-chain bridging protocol Multichain suffered over $100 million in unexplained withdrawals, leading to the cessation of its operations.

As the dust settles on this latest crypto heist, the question remains: How can the industry strengthen its defenses to prevent such attacks in the future? The answer may lie in a combination of robust security measures, vigilant monitoring, and perhaps, a little bit of luck.