Crypto payment platform Alphapo had at least $31 million drained from its hot wallets of Ether (ETH), TRON (TRX), and Bitcoin (BTC), security experts reported on July 22. Since the number of Bitcoins stolen is uncertain, the numbers could be even higher.
According to on-chain sleuth ZachXBT, the funds were stolen from the Ethereum network, then traded for ETH before being linked to the Avalanche and Bitcoin blockchains. According to DeDotFi’s security team, the hack might CAUSE through a leak of private keys. The investigation is still ongoing.
Alphapo is a payment processor that offers instant transactions in over 30 digital assets and balances in various fiat currencies. The company is best known for being the crypto gateway for several gambling platforms, including HypeDrop, Ignition, and Bovada.
Alphapo Hot Wallet Hacked
Over $31,000,000 was stolen, with reports suggesting up to ~ $100 million.
Hot wallet is hacked with Ethereum, Tron and BTC. The stolen funds were exchanged and distributed among the various EOAs.
: Here are the details of the incident pic.twitter.com/bLeCLJvH6G
— De.Fi ️ Web3 Antivirus (@DeDotFiSecurity) July 23, 2023
Following the incident, Alphapo’s client HypeDrop stopped processing crypto transactions. The Mystery box platform SAYS on Twitter that it is experiencing issues with deposits and withdrawals as a result of the hack. “Please know that your funds are safe with HypeDrop, but we have encountered an issue on the part of the cryptocurrency provider. Once the provider resumes operations, the processing of deposits will be credited accordingly,” it said.
Despite not commenting on the incident, an Alphapo spokesperson told Cointelegraph that deposits and withdrawals were returned for batches of currencies at a time. “We kindly ask all our users to avoid sending funds to old deposit addresses. But in the rare case it happens, the funds obtained from those deposits will be further verified.”
In another security incident in the past few days, the decentralized finance protocol Conic Finance experienced two attacks within a few hours. The first exploit saw $3.26 million in Ether stolen, with nearly the entire amount sent to an Ethereum address in just one transaction. The second incident happened a few hours later, the protocol was revealed in a post-mortem report, saying it was a variant of the sandwich attack that targeted its pools, and got the attacker about $300,000.
Magazine: Should crypto projects negotiate with hackers? perhaps