The recent hack involving crypto payments processor Alphapo’s hot wallets is now estimated to have resulted in a loss of $60 million, as per the latest findings.
This updated figure comes after on-chain analyst ZachXBT identified an additional $37 million in stolen assets on both the Tron and Bitcoin networks — raising the initial estimate from $23 million to $60 million. This total also includes losses suffered by Coinspaid, which is an entity associated with Alphapo.
As a crypto payments processor, Alphapo managed transactions for online gambling platforms such as HypeDrop, Bovada, and Ignition. Given that hot wallets are online and constantly connected to the internet, they face a higher risk of cyberattacks compared to their offline counterparts: cold wallets.
In this instance, the hackers appear to have swapped the stolen funds on Ethereum for ETH and then transferred them to other blockchains, including Avalanche, Tron, and Bitcoin. The funds on Bitcoin were deposited into the crypto mixer service Sinbad, as informed by ZachXBT to The Block.
Potential Lazarus connection
The distinctive on-chain patterns associated with this breach, according to ZachXBT, align closely with operations previously linked to the Lazarus, a North Korean hacking group. Lazarus has been implicated in several high-profile hacks, including the Ronin bridge breach which resulted in a loss of over $600 million last year.
"This hack appears to likely have been done by Lazarus as they create a very distinct fingerprint on-chain," ZachXBT highlighted.