Alphapo Hack Exposes Crypto Payment Platform to Millions in Losses

Written by Hazel J. Greene, Senior Analyst

Alphapo, a prominent crypto payment platform, recently suffered a breach of its hot wallets. The hackers targeted Ethereum, TRON, and Bitcoin, resulting in losses of at least $31 million. The exact extent of the theft is still uncertain, so the total sum drained from Alphapo could exceed this figure.

On the day of the incident, cybersecurity expert DeDotFi disclosed on Twitter that the breach occurred due to a leak of private keys. While Alphapo has confirmed the loss of $31 million, emerging reports suggest that the compromise might be even larger, with some estimates putting the compromised funds at up to $100 million.

Blockchain analyst ZachXBT revealed that the stolen funds originated on the Ethereum network. The hackers then carried out a series of transactions, swapping the stolen funds for ETH and bridging them to the Avalanche and Bitcoin blockchains. This web of transactions appears to be an attempt to conceal the origin of the stolen funds.

Leading blockchain security firm PeckShield conducted an analysis of the stolen funds and discovered a variety of cryptocurrencies, including USDT, USDC, FTN, TFL, TRX, ETH, and DAI. The hackers employed a combination of swaps and bridges to move these assets between multiple wallets.

The stolen assets consisted of 6.074 million USDT, 108,000 USDC, 100.2 million FTN, 430,000 TFL, 2,500 ETH, and 1,700 DAI. All these cryptocurrencies were consolidated in a single location, specifically the address 0x040a.

To obscure the trail, the hackers swapped stablecoins for 5,730 ETH and then bridged them to BTC using the Avalanche Bridge. Additionally, they drained around 12 million USDT and 5.2 million TRX to the wallet address TKSitn, subsequently transferring the funds to TDoNAZHa7.

Security experts at SlowMist have revealed that the hacker’s modus operandi bears a striking resemblance to previous attacks linked to the North Korean cybercrime group, Lazarus. This connection raises concerns about how difficult it will be to identify the perpetrators and bring them to justice.

Alphapo’s client, HypeDrop, a renowned cryptocurrency gambling platform, has taken precautions in response to the security breach. The platform has temporarily suspended deposits and withdrawals for certain cryptocurrencies. HypeDrop emphasized on Twitter that they are facing challenges with processing transactions but assured users that pending deposits will be credited once payment operations resume. However, any pending withdrawals will be canceled to ensure the safety and integrity of user transactions, requiring users to submit new withdrawal requests.

Disclaimer: The information provided in this research report is for informational purposes only and should not be interpreted as financial or investment advice. The cryptocurrency market is highly volatile, and readers should conduct thorough research before making any investment decisions.
