Hackers Steal Over $31 Million From Alphapo Crypto Platform
Hackers have managed to breach the hot wallets of Alphapo, a crypto payment processor, and made off with crypto assets worth over $31 million.
Alphapo Leaked Private Keys May Have Caused Breach
On July 22, Alphapo, a crypto payment platform, experienced a major security breach that led to the theft of at least $31 million from its hot wallets on the Ethereum network. The stolen tokens included $BTC, $ETH, and $TRON.
According to on-chain investigator ZachXBT, the hacker skillfully exchanged the stolen funds for ETH before transferring them to the Avalanche and Bitcoin blockchains, making it challenging for investigators to trace the transactions.
Earlier today Alphapo hot wallets were drained for $23M+ on ETH, TRON, BTC.
HypeDrop (Alphapo customer) has since had withdrawals disabled.
On Ethereum the stolen funds were swapped for ETH then bridged to Avalanche and Bitcoin. pic.twitter.com/pj7i3ZlBrX
— ZachXBT (@zachxbt) July 23, 2023
Blockchain security firm PeckShield confirmed that the stolen funds comprised 6.074 million $USDT, 108,000 $USDC, 100.2 million $FTN, 430,000 $TFL, 2,500 $ETH, and 1,700 $DAI.
#PeckShieldAlert @zachxbt has detected that #Alphapo hot wallets were drained for $23M+ worth of cryptos.
~6.074M $USDT, $108K $USDC, 100.2M $FTN, 430K $TFL, 2.5K $ETH, and ~1.7K $DAI were drained from #Alphapo to 0x040a…0d17.
The drainer then swapped stablecoins and some other… https://t.co/PGrk9QK2Cr pic.twitter.com/obK8qAel3Z
— PeckShieldAlert (@PeckShieldAlert) July 23, 2023
All these funds were transferred to the wallet address “0x040a96659fd7118259ebcd547771f6ecb9580d17”.
Additionally, approximately 12 million $USDT and 5.2 million $TRX were sent to “TKSitnfTLVMRbJsF1i2UH5hNUeHLDrXDiY” before eventually being transferred to “TDoNAZHa7WxarUAFbQUhiijTGtd7EpbzRh”.
Due to the uncertain number of stolen $BTC coins, the total theft could reach as high as $100 million.
DeDotFi’s security team has suggested that the hack could be attributed to the leakage of private keys.
5/ The investigation into the Alphapo incident continues. A potential cause is a private keys leakage.
As of now, the exact amount of stolen BTC remains unconfirmed. Stay tuned for further updates.
— De.Fi 🛡️ Web3 Antivirus (@DeDotFiSecurity) July 23, 2023
Nonetheless, investigations are ongoing to ascertain the cause of the breach that led to the theft.
Alphapo, known for enabling instant transactions in over 30 digital assets and various fiat currencies, primarily serves as a crypto gateway for several gambling platforms like HypeDrop, Ignition, and Bovada.
Because many major crypto-gambling sites use its service, the hack could have a significant impact.
Following the security breach, HypeDrop, one of Alphapo’s clients, ceased processing crypto transactions and acknowledged the deposit and withdrawal issues on Twitter.
🚨 An update!
We apologize for any inconvenience caused recently by the ongoing deposit and withdrawal issues. Please know that your HypeDrop funds are safe, but we encountered an issue on the cryptocurrency provider's side.
Once the provider's operations resume, processing…
— HypeDrop (@HypeDrop) July 23, 2023
The platform assured users their HypeDrop funds were safe, but pending crypto withdrawals would remain “Pending” until the cryptocurrency provider resolved the issue.
An Alphapo spokesperson refrained from commenting on the incident but mentioned that deposits and withdrawals were gradually being reinstated for different currencies.
They also urged users not to send funds to old deposit addresses and said that funds resulting from such deposits would undergo additional verification.
Over $100 million Stolen in July By Hackers
The Web3 space has witnessed a surge in exploits and hacks this month, with hackers having already stolen over $100 million from various blockchain protocols, as reported by DefiLlama data.
The most significant breach occurred in the cross-chain protocol, Multichain, resulting in a staggering theft of $126 million.
1/6 🧵 Someone exploited Multichain’s Fantom bridge, causing an estimated loss of $126 million.
Let’s unpack what happened and what this means for Multichain and the wider blockchain ecosystem.👇 pic.twitter.com/HSNwVwgD9m
— BridgeMutual.io 🦇🔊🌉 ($BMI) (@Bridge_Mutual) July 8, 2023
The suspicious nature of this exploit has led experts to speculate that it might have resulted from either a rug pull or a compromise of the administrator keys.
During this incident, stablecoin issuers Tether and Circle were able to freeze approximately $67 million worth of funds from the exploit.
Furthermore, due to a lack of operational funds and alternative sources of information, the Multichain team decided to halt operations.
In another security incident, the decentralized finance protocol, Conic Finance, experienced two attacks in a short period.
Seems @ConicFinance was exploited for $3.26M in tx: https://t.co/K0VjnFprAE
The stolen funds were sent to 0x3d32C5a2E592c7B17e16bdDc87EAb75f33ae3010 pic.twitter.com/mZr4MOkMQF
— Beosin Alert (@BeosinAlert) July 21, 2023
In the first exploit, $3.26 million in $ETH was stolen, with nearly the entire amount sent to a single Ethereum address in a single transaction.
The second attack, occurring a few hours later, was identified as a variant of a sandwich attack, targeting the protocol’s pools and resulting in the attacker netting around $300,000.
As the crypto industry continues to evolve, it becomes imperative for all stakeholders to collaborate to fortify it against potential breaches and ensure the protection of investors worldwide.