The hot wallets of cryptocurrency payments service Alphapo were exploited by hackers, resulting in the loss of more than $23 million in various digital currencies.
This cyber theft was first flagged by blockchain investigator ZachXBT, who pointed out that the hackers targeted Alphapo's hot wallets of Bitcoin, Ethereum, and TRON. They successfully exchanged the plundered Ethereum-based assets into ETH before moving these into Bitcoin and Avalanche.
Looking Closer at the Alphapo Breach
Supporting ZachXBT's findings, blockchain security company PeckShield highlighted that the stolen assets included 6.074 million USDT, $108,000 USDC, 100.2M FTN, 430K TFL, 2.5K ETH, and 1,700 DAI. All these assets were transferred to the hacker's 0x040a account.
The perpetrator converted the stablecoins into 5.73 ETH and then transferred them into Bitcoin using the Avalanche Bridge. They also took roughly 12 million USDT and 5.2 million TRX to TKSitn before shifting these assets to TDoNAZHa7.
Alphapo acts as the payment facilitator for various cryptocurrency gambling platforms, such as HypeDrop, Ignition, and Bovada. This cybersecurity incident could have broad repercussions considering the many prominent crypto gambling sites utilizing Alphapo's services.
In response to this situation, HypeDrop has halted the deposit and withdrawal functionalities for certain cryptocurrencies.
The company stated, "We are actively monitoring the situation with them and will provide you with an update when more information is available."
At the time of reporting, Alphapo had not yet responded to a request for comment from BeInCrypto.
Increasing Cyber Thefts in July
This event is part of a growing trend of Web3 security breaches and thefts in July. Data from DeFillama reveals that over $100 million has already been stolen by hackers across various blockchain networks this month.
The most substantial security breach involved the theft of $126 million from the cross-chain protocol, Multichain. While the exact circumstances surrounding this exploit are still shrouded in mystery, analysts speculate it could be the result of a rug pull or a breach of the admin keys.