Crypto payment platform Alphapo had at least $31 million drained from its hot wallets on Ether (ETH), TRON (TRX) and Bitcoin (BTC), security experts reported on July 22. Since the number of Bitcoins stolen is uncertain, the numbers could be even higher.
According to on-chain sleuth ZachXBT, the funds were stolen from the Ethereum network, then exchange for ETH before being linked to the Avalanche and Bitcoin blockchains. According to the DeDotFi security team, the hack may have been cause by leaking private keys. Investigations are still ongoing.
Alphapo is a payment processor that offers instant transactions on over 30 digital assets and balances in a range of fiat currencies. The company is best known for being the crypto gateway for a number of gaming platforms including HypeDrop, Ignition, and Bovada.
Alphapo Hot Wallet hacked
Over $31,000,000 stolen, with reports suggesting up to around $100 million.
The hot wallet has been hacked on Ethereum, Tron and BTC. The stolen funds were exchanged and distributed among various EOAs.
: Here are the details of the incident pic.twitter.com/bLeCLJvH6G
— De.Fi ️ Web3 Antivirus (@DeDotFiSecurity) July 23, 2023
Following the incident, Alphapo’s client, HypeDrop, stopped processing crypto transactions. Mystery box platform said on Twitter that he is having problems with deposits and withdrawals as a result of the hack. “Please know that your HypeDrop funds are safe, but we have encountered an issue on the cryptocurrency provider side. Once provider operations resume, deposit processing will be credited accordingly,” he said.
Although he did not comment on the incident, an Alphapo spokesperson told Cointelegraph that deposits and withdrawals were reinstated for batches of currencies at a time. “We ask all of our users to refrain from sending funds to old deposit addresses. However, in the odd event that this happens, funds from these deposits will also be verified.”
In another security incident over the past few days, decentralized finance protocol Conic Finance suffered two attacks within hours. The first exploit saw $3.26 million in Ether stolen, with almost the entire amount sent to an Ethereum address in a single transaction. The second incident took place a few hours later, the protocol revealed in a post-mortem report, saying it was a variation of a sandwich attack targeting his pools, and netting the attacker around $300,000.
Magazine: Should crypto projects ever negotiate with hackers? Probably