Additional $37M discovered in web3 casino payment provider hack Additional $37M discovered in web3 casino payment provider hack
Uncovering the $60 million security breach of cryptocurrency payment service Alphapo's hot wallet.
2 min read
Updated: Jul. 25, 2023 at 12:54 pm UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Alphapo, a cryptocurrency payment service provider, reportedly suffered a significant security breach within its hot wallet, resulting in a loss of over $60 million, with some reports suggesting total losses could amount to around $100 million, according to De.Fi, the web3 antivirus company.
The original hack was discovered on July 23 by blockchain investigator, ZachXBT, who reported that “Alphapo hot wallets were drained for $23M+ on ETH, TRON, BTC.”
A wallet belonging to Alphapo was reportedly hacked across the multiple platforms, with stolen funds being dispersed across various External Owned Accounts (EOAs).
ZachXBT posted an update to his investigation on July 25, commenting,
“An additional $37M stolen on TRON & BTC from this hack has been located.
This now brings the total amount stolen to $60M.
This hack appears to likely have been done by Lazarus as they create a very distinct fingerprint on-chain.”
Ongoing attack
As reported by De.Fi, the web3 antivirus, Alphapo is a crucial conduit for processing payments for gambling services such as HypeDrop, Bovada, and Ignition. Following the breach, HypeDrop, one of Alphapo’s customers, had to turn off withdrawal services swiftly.
In a statement released on July 23, HypeDrop reassured its users that “if your payment has been affected, your funds are secure.” The company also stated that it is actively monitoring the situation and would provide updates as more information becomes available.
HypeDrop later updated users stating,
“Please know that your HypeDrop funds are safe, but we encountered an issue on the cryptocurrency provider’s side.
Once the provider’s operations resume, processing deposits will be credited accordingly.”
The attacked wallet, known as Alphapo.eth, had its funds converted into Ethereum (ETH) by the hackers. The funds were then routed through different channels, including Avalanche and Bitcoin. Evidence from the Etherscan transaction records points to a consistent outflow of funds from the Alphapo.eth wallet. Initial estimates put the value of the stolen tokens to be in the region of $31 million.
The attacker or attackers involved in the incident are reportedly associated with the addresses ‘0x6d2e8,’ ‘0x040a9,’ ‘TDoNAZ,’ and ‘TKSitn.’
The consensus among the cybersecurity community is that the investigation into the Alphapo incident is still ongoing.
Preliminary indications from De.Fi suggests that private key leakage could be a potential cause of the breach.
The exact amount of stolen Bitcoin remains unconfirmed outside of De.Fi and ZachXBT’s projections. However, over $60 million has been discovered as of press time.
Mentioned in this article
Author 
Liam 'Akiba' Wright
Also known as "Akiba," Liam is a reporter, editor and podcast producer at CryptoSlate. He believes that decentralized technology has the potential to make widespread positive change.
Editor Editor 
News Desk
CryptoSlate is a comprehensive and contextualized source for crypto news, insights, and data. Focusing on Bitcoin, macro, DeFi and AI.
In this article
Ethereum is a decentralized, open-source blockchain platform that enables the creation of smart contracts and decentralized applications (DApps).
Bitcoin
$63,727.24
Bitcoin, a decentralized currency that defies the sway of central banks or administrators, transacts electronically, circumventing intermediaries via a peer-to-peer network.
ZachXBT is an independent on-chain sleuth who is popular on revealing bad actors in the crypto space.