AlphaPo - REKT
$60M gone and it barely raises an eyebrow…
AlphaPo, a crypto payments processor for gambling platforms, lost $60M across ETH, TRON and BTC over the weekend.
The initial figure, reported by ZachXBT, sat at $23M before a further $37M were traced and added to the total yesterday.
Hypedrop, who rely on AlphaPo, have suspended deposits and have reassured users that withdrawals will eventually be paid out, but declined to mention the hack.
Both the attack type and pattern of transactions post-hack point to a certain set of state-sponsored cybercriminals:
This hack appears to likely have been done by Lazarus as they create a very distinct fingerprint on-chain.
It’s been a while since we’ve seen a centralised platform’s hot wallet drained…
Lazarus must have been focusing their efforts elsewhere.
Could this be the start of another CEX spearphishing spree?
As ever, stories of compromised hot wallets leave little to be said. The phishing techniques used by sophisticated groups like Lazarus are varied and ever-evolving.
But they alway have a common goal…
On Ethereum, the attack begun when AlphaPo’s hot wallet (alphapo.eth) began to be drained in the early hours (UTC) of Saturday.
2464 ETH ($4.6M) and a variety of other coins (including over 6M USDT) were transferred to the hacker’s address, swapped to ETH, were then consolidated into a secondary account before being dispersed. Some of the stolen funds on Tron were sent to CEXs.
Attacker’s main addresses:
ETH
0x040a96659fd7118259ebcd547771f6ecb9580d17
0x6d2e8a20b8afa88d92406d315b67822c01e53c38
0xde374094C837D192B61972172740BDAfc4eE16E0
TRON
TKSitnfTLVMRbJsF1i2UH5hNUeHLDrXDiY
TDoNAZHa7WxarUAFbQUhiijTGtd7EpbzRh
TJF7mdFxDuHB4tb9hoyR4SCpKxk7gr23ym
According to ZachXBT the movement of funds on-chain (tracked in this dashboard) have a strong correlation with patterns associated with the Lazarus group.
MistTrack’s analysis of the wallets involved have shown links to addresses involved in the draining of Atomic Wallet accounts (also attributed to Lazarus) and a potential, but as yet acknowledged, attack on Coinspaid.
A $60M hack would have topped the rekt.news leaderboard up until the mammoth Poly Network exploit in August of 2021.
But nowadays, such blips are in and out of the news cycle in the blink of an eye.
Are we simply becoming desensitised to such large losses?
Or are we just getting increasingly apathetic as the bear market drags on?
Or, perhaps, the only ones still here too busy either building or hamster racing to notice.
One thing’s for sure, Lazarus isn’t getting bored.
REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.
donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C
disclaimer:
REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.
you might also like...
ZKasino - Rekt
The house always wins and ZKasino hit the jackpot, making off with a $33 million rug over the weekend.
Hedgey Finance - Rekt
Not a good strategy to hedge your bets. Hedgey Finance rocked by $44.7 million flash loan attack across both the Arbitrum and Ethereum platforms.
Grand Base - REKT
Thieves in the night take advantage of Open House as RWA protocol on Base leaves the front door unlocked. Grand Base slammed in $2m exploit due to a deployer wallet private key leak.