In what seems to be a neverending series of incidents, another major hack has been reported, this time targeting Alphapo, a platform specializing in facilitating cryptocurrency payments for businesses. The breach was brought to light by ZachXBT, an on-chain sleuth known for tracking and investigating crypto-related incidents.
Alphapo had initially gained recognition for its ability to enable businesses to accept payments in more than 30 cryptocurrencies while supporting transactions with 23 different fiat currencies. Its ability to bridge the gap between crypto and fiat while offering a wide range of both currencies attracted numerous businesses to the platform and further solidified its reputation as a versatile and user-friendly payment solution.
The Hack
According to ZachXBT's report, who first reported the hack earlier on today, the hackers managed to exploit vulnerabilities in Alphapo's Ethereum, Bitcoin, and TRON hot wallets. The exploit resulted in the hackers subsequently draining these wallets, stealing over $23 million worth of various crypto assets.
The scale of the exploit was further verified by blockchain security firm PeckShield, which confirmed that the stolen assets included 6.074 million USDT, $108,000 USDC, 100.2M FTN, 430K TFL, 2.5K ETH, and 1,700 DAI. The hacker subsequently drained all these funds to address 0x040a.
To further hide their trail, the hackers then swapped the stablecoins for 5.73 ETH, which were then bridged to Bitcoin via the Avalanche Bridge and finally transferred to a different address. Additionally, they transferred around 12 million USDT and 5.2 million TRX to another address before finally moving the funds to TDoNAZHa7.
The repercussions of this hack are far-reaching, as Alphapo is a vital payment processor for various crypto-gambling platforms, including well-known names like HypeDrop, Ignition, and Bovada. The security breach could have significant impacts on these high-profile crypto gambling sites, leading to some platforms, like HypeDrop, suspending deposits and withdrawals for certain cryptocurrencies as a precautionary measure.
In response to concerned users, HypeDrop attributed the disruptions to their service provider, indicating that the provider was experiencing issues with BTC, ETH, and TRX withdrawals, as well as deposits for TRX and ETH. Nonetheless, the company reassured its users that their funds were secure.
Over $100 Million Stolen in July
So far, July has witnessed a surge in Web3 exploits and hacks, with DeFillama data indicating that hackers have managed to pilfer over $100 million from various blockchain protocols. One of the most significant breaches occurred on the cross-chain protocol Multichain, where hackers made away with a staggering $126 million. The circumstances surrounding the exploit have raised suspicion, with experts speculating that it might be either a rug pull or a compromise of the administrator keys.
Stablecoin issuers Tether and Circle were able to intervene in the Multichain exploit and freeze approximately $67 million worth of the stolen funds. However, the aftermath of the hack has left the Multichain team facing challenges, as they have been forced to cease operations due to a lack of operational funds and alternative sources of information.
Unfortunately, Multichain is not the only protocol that fell victim to malicious attacks this month. Several other platforms were also targeted, like the Conic Finance hack just 2 days ago, and other platforms like AnubisDAO, Rodeo Finance, and ArcadiaFi also experiencing exploits during the month, leading to significant losses in funds.