TL;DR Breakdown

  • Alphapo, a crypto payment provider, reportedly faced a massive cyberattack resulting in losses of over $60 million. The attack is suspected to be carried out by the infamous Lazarus Group, a cybercrime syndicate associated with North Korea.

  • The incident raises concerns about cybersecurity in the cryptocurrency industry, emphasizing the importance of robust security measures to protect user funds and prevent similar large-scale attacks in the future.

In a shocking turn of events, Alphapo, a centralized crypto payment provider catering to e-commerce subscription services, gaming sites, and online businesses, has reportedly fallen victim to a devastating cyberattack. According to renowned on-chain sleuth ZachXBT, the estimated losses from the unconfirmed attack have now escalated to an astonishing $60 million. This staggering amount comes after an additional $37 million in losses was identified, far surpassing the initial reports of approximately $31 million.

Alphapo gained prominence as the payment provider for various platforms, including the mystery box platform HypeDrop, as well as gambling sites like Bovada and Ignition. On July 23, security experts began sounding the alarm, noting that the platform’s hot wallets had been drained of at least $21 million, with some sources even claiming the losses exceeded $31 million.

The Mysterious Circumstances Surrounding Alphapo’s Alleged Hack

Despite mounting evidence pointing towards a malicious attack, Alphapo remained tight-lipped about the alleged hack, leaving users in a state of uncertainty. The company did disclose to Cointelegraph that they were reinstating deposits and withdrawals through new addresses, while also assuring users that funds deposited to old addresses would undergo additional verification.

HypeDrop, one of the platforms relying on Alphapo’s services, acknowledged the payment provider’s issues, leading to withdrawal delays. However, they expressed optimism that withdrawals would resume once the problem was resolved. While neither Alphapo nor HypeDrop explicitly confirmed the occurrence of a hack, security researchers insisted that the significant outflows from identifiable hot wallets, coupled with stalled withdrawals, strongly suggested that an attacker was at play.

A Potential Link to Lazarus Group – A Notorious Cybercrime Syndicate

The latest report from ZachXBT sheds light on a plausible connection between the attack on Alphapo and the notorious Lazarus Group. This cybercrime syndicate first surfaced in 2014 and has been linked to the government of North Korea by a consortium of security researchers led by Novetta. Known for its sophisticated tactics and vast criminal network, the Lazarus Group is a significant concern for cybersecurity experts worldwide.

According to ZachXBT’s analysis, the attack on Alphapo bore the distinct hallmarks typically left behind by the Lazarus Group in their previous operations. The hacker group’s involvement, if confirmed, could have severe implications for both the affected platform and the broader cryptocurrency community.

Alarming Trend in July: Similarities to Multichain’s Mysterious Losses

The cryptocurrency space witnessed another unsettling event in July when Multichain, a cross-chain bridging protocol, faced unexplained withdrawals exceeding $100 million. Subsequently, the Multichain team revealed that an attacker had managed to gain access to the protocol’s private keys through a cloud storage service, prompting them to cease operations.

The similarities between the mysterious losses suffered by Multichain and Alphapo have raised concerns within the industry. Experts are now urging centralized crypto providers to bolster their security measures to safeguard user funds and prevent further large-scale attacks.

Conclusion

The alleged hack on Alphapo, causing losses exceeding $60 million, has sent shockwaves through the cryptocurrency community. As investigations continue, the suspected involvement of the Lazarus Group further heightens concerns about cybersecurity threats in the digital asset landscape. The incident serves as a stark reminder for companies operating in the crypto space to prioritize robust security practices to protect their users and assets from malicious actors. Authorities and industry players must collaborate to combat cybercrime and ensure the safety and integrity of the rapidly growing cryptocurrency ecosystem.