Hackers have stolen over $23 million worth of crypto assets from hot wallets belonging to crypto payments service provider Alphapo.
On-chain sleuth ZachXBT first identified the hack, stating that it affected Alphapo’s Ethereum, Bitcoin, and TRON hot wallets. The hacker swapped funds stolen on Ethereum for ETH and bridged it to Avalanche and Bitcoin.
The Scale of Alphapo’s Exploit
Blockchain security firm PeckShield corroborated ZachXBT’s report, noting that the stolen funds include 6.074 million USDT, $108,000 USDC, 100.2M FTN, 430K TFL, 2.5K ETH, and 1,700 DAI. All the funds were drained to 0x040a.
The hacker swapped the stablecoins for 5.73 ETH before bridging them to BTC through the Avalanche Bridge. They also drained about 12 million USDT and 5.2 million TRX to TKSitn before transferring the funds to TDoNAZHa7.
Alphapo is the payment processor for several crypto-gambling platforms, including HypeDrop, Ignition, and Bovada. The hack could have significant impacts, given the several high-profile crypto gambling sites that use its service.
The incident has led to HypeDrop suspending deposits and withdrawals for some cryptocurrencies.
When a user questioned HypeDrop about its deposit and withdrawal issues, the firm attributed the situation to an unnamed third-party service provider. It added that the provider was having problems with BTC, ETH, and TRX withdrawals and the deposits for TRX and ETH. However, it stated that users’ funds were secure.
“We are actively monitoring the situation with them and will provide you with an update when more information is available.”
Alphapo was yet to respond to BeInCrypto’s request for comment a the time of writing.
More than $100 million Stolen in July
The incident adds to the growing number of Web3 exploits and hacks in July. DeFillama data shows that hackers have already stolen over $100 million across several blockchain protocols.
The most significant exploit was the $126 million stolen from the cross-chain protocol, Multichain. While the exploit’s circumstances remain suspicious, experts believe it is either a rug pull or a compromise of the administrator keys.
Stablecoins issuers, Tether and Circle, were able to freeze about $67 million worth of funds from the exploit. But the Multichain team has ceased operations, citing a lack of operational funds and alternative sources of information.
Other protocols exploited this month include AnubisDAO, Conic Finance, Rodeo Finance, ArcadiaFi, etc.
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.