AlphaPo - REKT



$60M gone and it barely raises an eyebrow…

AlphaPo, a crypto payments processor for gambling platforms, lost $60M across ETH, TRON and BTC over the weekend.

The initial figure, reported by ZachXBT, sat at $23M before a further $37M was traced and added to the total yesterday.

Hypedrop, who rely on AlphaPo, have suspended deposits and have reassured users that withdrawals will eventually be paid out, but declined to mention the hack.

Both the attack type and pattern of transactions post-hack point to a certain set of state-sponsored cybercriminals:

This hack appears to likely have been done by Lazarus as they create a very distinct fingerprint on-chain.

It’s been a while since we’ve seen a centralised platform’s hot wallet drained…

Lazarus must have been focusing their efforts elsewhere.

Could this be the start of another CEX spearphishing spree?

As ever, stories of compromised hot wallets leave little to be said. The phishing techniques used by sophisticated groups like Lazarus are varied and ever-evolving.

But they always have a common goal…

On Ethereum, the attack began when AlphaPo’s hot wallet (alphapo.eth) started to be drained in the early hours (UTC) of Saturday.

2464 ETH ($4.6M) and a variety of other coins (including over 6M USDT) were transferred to the hacker’s address, swapped to ETH, then consolidated into a secondary account before being dispersed. Some of the stolen funds on Tron were sent to CEXs.

Attacker’s main addresses:


According to ZachXBT, the movement of funds on-chain (tracked in this dashboard) has a strong correlation with patterns associated with the Lazarus group.

MistTrack’s analysis of the wallets involved has shown links to addresses involved in the draining of Atomic Wallet accounts (also attributed to Lazarus) and a potential, but as yet unacknowledged, attack on Coinspaid.

A $60M hack would have topped the rekt.news leaderboard up until the mammoth Poly Network exploit in August of 2021.

But nowadays, such blips are in and out of the news cycle in the blink of an eye.

Are we simply becoming desensitised to such large losses?

Or are we just getting increasingly apathetic as the bear market drags on?

Or, perhaps, the only ones still here are too busy either building or hamster racing to notice.

One thing’s for sure, Lazarus isn’t getting bored.

