Recent revelations suggest that the loss from the reported security breach of crypto payment provider Alphapo may be far more significant than initially predicted.
A new investigation led by blockchain analyst ZachXBT on July 25th hints at losses eclipsing the $60 million mark, a sharp uptick from earlier estimates hovering around $31 million.
Prominently known for its ties with the mystery box platform HypeDrop and online betting sites like Bovada and Ignition, Alphapo operates as a central hub for cryptocurrency transactions, handling payments for e-commerce subscriptions, gaming platforms, and a plethora of digital services.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
Crypto Mining Explained: How to Earn From Mining Bitcoin? (Animated)
However, on July 23rd, security experts raised concerns over the sudden exploit of Alphapo's hot wallets, with initial losses approximated to be at least $21 million, which later reports revised upwards to beyond $31 million.
ZachXBT, in his updated report, brought to light an additional $37 million purportedly siphoned off from addresses on the Bitcoin and Tron networks, effectively pushing the estimated losses to more than $60 million.
Based on data derived from Dune Analytics, ZachXBT proposed that the Lazarus Group, a North Korea-linked notorious hacking group known for leaving a unique on-chain "fingerprint," might be behind the attack.
When confronted with speculations about a potential security breach, Alphapo refrained from direct confirmation. However, it revealed that deposits and withdrawals were in the process of being rerouted to new addresses, with the funds previously deposited to old addresses to undergo additional verification.
Similarly, HypeDrop reported experiencing "issues" that resulted in withdrawal delays. It assured, however, that normal operations would resume post-resolution.
Although neither Alphapo nor HypeDrop officially attributed the anomalies to a cyber attack, cybersecurity specialists argue that the unusual activity of large-scale fund transfers from known hot wallets coupled with stalled withdrawals implies a potential unauthorized intrusion.
The strange transfers from Alphapo are not the first incidents of such nature within the crypto industry. Earlier in July, the Multichain cross-chain bridging protocol reported mysterious withdrawals totaling over $100 million.
In light of the incident, the Multichain team halted all operations, stating that an intruder had gained access to the protocol's private keys through a cloud-based service, leading to these unexpected withdrawals.
