The infamous North Korean hacker group, Lazarus, is once again in the headlines as they are attributed to yet another audacious multi-million dollar hack. This time, their target was Alphapo, a prominent payment processor associated with gambling sites and e-commerce platforms.
Crypto investigator ZachXBT first detected the exploit on July 22 when multiple hot wallets linked to Alphapo were mercilessly drained, resulting in a staggering loss of over $23 million in cryptocurrencies. The hackers seemed to have a preference for Ethereum (ETH), Bitcoin (BTC), and Tron (TRX) as they made off with significant sums from each.
The initial hack, allegedly carried out by Lazarus, saw a haul of $6 million in USDT tokens, $108,000 in USDC, 2,500 ETH, and several other tokens being drained and promptly swapped into various stablecoins and Bitcoin using the Avalanche platform.
While the extent of the Bitcoin theft remains uncertain, ZachXBT, the diligent investigator, tweeted, “It remains unclear at this time how much BTC was stolen.” However, despite this uncertainty, the overall damage inflicted on Alphapo is undeniably severe.
In an unexpected twist, Alphapo was hit by a second exploit later in the week, with an additional $37 million worth of stolen Bitcoin and Tron being exposed through the use of on-chain analytic tools. This discovery has pushed the total amount stolen in this series of attacks to a whopping $60 million, leaving the platform and its users reeling from the financial blow.
Lazarus’ involvement is suspected, as the hacking group is known for leaving distinct fingerprints on the blockchain, a modus operandi noted by ZachXBT during his investigation. The North Korean hackers have earned a notorious reputation for their sophisticated cyber operations, and this latest incident further cements their position as a significant threat to the global crypto community.
Alphapo is yet to release an official statement regarding the breach. Users and investors on the platform are anxiously awaiting updates and assurance of increased security measures to prevent future attacks.
With each high-profile hack, the urgency for stronger security in the crypto space becomes more apparent. Industry players and regulators are likely to intensify their efforts to safeguard digital assets and hold cybercriminals accountable.
As the investigation into the Alphapo breach unfolds, the wider cryptocurrency community remains on high alert, knowing that Lazarus and other cybercriminals will be ever-ready to exploit any vulnerability they can find.