Crypto payment platform Alphapo has at least $31 million drained from its hot wallets in Ether (ETH), TRON (TRX), and Bitcoin (BTC), security experts reported on July 22. Since the amount of stolen Bitcoins is uncertain, the figure may be higher.
According to on-chain detective ZachXBT, the funds had been stolen on the Ethereum network exchanged for ETH before being bridged to the Avalanche and Bitcoin blockchains. According to the DeDotFi security team, the hack is possible caused by private key leaks. Investigation is still in progress.
Alphapo is a payment processor that offers instant transactions on over 30 digital assets and balances in multiple fiat currencies. The company is well-known as a crypto gateway for a number of gambling platforms, including HypeDrop, Ignition, and Bovada.
Alphapo Hot Wallet Hacked
Over $31,000,000 was stolen, with reports indicating up to ~$100 million.
Hot wallets hacked on Ethereum, Tron and BTC. The stolen funds are exchanged and distributed among various EOAs.
: Here are the details of what happened pic.twitter.com/bLeCLJvH6G
— De.Fi ️ Web3 Antivirus (@DeDotFiSecurity) July 23, 2023
After the incident, Alphapo’s client, HypeDrop, stopped processing crypto transactions. Mystery box platform said on Twitter having problems with deposits and withdrawals as a result of the hack. “Please note that your HypeDrop funds are safe, but we encountered a problem on the side of the cryptocurrency provider. Once the provider’s operations resume, the deposit processing will be credited accordingly,” he said.
While not commenting on the incident, a spokesperson for Alphapo told Cointelegraph that deposits and withdrawals are being restored for a limited number of currencies at a time. “We kindly request all our users not to send funds to old deposit addresses. However in the odd case that this occurs, the funds coming from the deposit will be additionally verified.”
In another security incident over the last few days, Conic Finance’s decentralized finance protocol suffered two attacks in a matter of hours. The first exploit saw $3.26 million in Ether stolen, with nearly the entire amount sent to Ethereum addresses in just one transaction. The second incident occurred several hours later, according to protocol revealed in a post-mortem report, said it was a variant of a sandwich attack that targeted the assemblage, and netted the attackers around $300,000.
Magazine: Should crypto projects negotiate with hackers? Possible