AlphaPo - $60M Cryptocurrency Hack (July 2023)
What Happened
AlphaPo, a cryptocurrency payments processor serving gambling platforms, suffered a major breach resulting in the loss of $60 million across multiple blockchain networks over the weekend of July 26, 2023. Initial discovery reported $23 million; an additional $37 million was traced subsequently.
Financial Impact
Total Loss: $60 million
Ethereum: 2,464 ETH (~$4.6M) plus 6M+ USDT and other tokens
Additional Networks: Funds also stolen across TRON and Bitcoin
Attack Vector
The compromise involved phishing techniques targeting AlphaPo's infrastructure. The attack showed sophisticated social engineering capabilities typical of state-sponsored threat actors.
Technical Details
Ethereum Theft Chain:
The attacker drained AlphaPo's hot wallet (alphapo.eth at 0x6dfc34609a05bc22319fa4cce1d1e2929548c0d7).
Key Transactions:
• Initial drain: 0xd77012e22dbf51aceb4b759db83ef767af165c258d1c423187a6f10324d1d064
• Consolidation: 0xf78c52dbb2a7ac33862b6203f4af7138a8561d7fc46b6c00ec51d7f7f818446f
Attacker Addresses:
Ethereum:
0x040a96659fd7118259ebcd547771f6ecb9580d17
0x6d2e8a20b8afa88d92406d315b67822c01e53c38
0xde374094C837D192B61972172740BDAfc4eE16E0
TRON:
TKSitnfTLVMRbJsF1i2UH5hNUeHLDrXDiY
TDoNAZHa7WxarUAFbQUhiijTGtd7EpbzRh
TJF7mdFxDuHB4tb9hoyR4SCpKxk7gr23ym
Attribution
Security analysts attributed the breach to the Lazarus group. The assessment was based on distinctive on-chain transaction patterns and fund movement correlations with the Atomic Wallet compromise.
Remediation
Hypedrop, a platform reliant on AlphaPo's services, suspended deposits while attempting to honor user withdrawals.