Alphapo, a crypto payment platform, has been hacked and drained of $23 million in Bitcoin, Ethereum, and Tron. ZachXBT, a crypto analyst, identified and reported the loss from the platform’s hot wallets today.
The attackers executed a complex attack on Alphapo’s hot wallets, giving them control over the user funds on numerous blockchains without authorization. ZachXBT explains that it was difficult to track the transactions since the stolen money was transferred to Ethereum and bridged to the Avalanche network and Bitcoin.
Alphapo client HypeDrop disables withdrawals
Alphapo processes payment for gambling services, such as Bovada, Ignition, and HypeDrop. HypeDrop, so far, has had to disable withdrawals.
The project’s verified Twitter account sent multiple replies explaining to their customers that their supplier was attempting to remedy some recent issues on their side. It confirmed that there are some challenges relating to BTC, ETH, and TRX withdrawals, as well as deposits for ETH and TRX. However, the team plans to monitor the situation quickly and provide updates once more information becomes available. Meanwhile, the project has assured its customers that if their payment had been affected, their funds are secure.
A user has expressed worries regarding HypeDrop’s activities in a similar development. The user claims that Killian, the manager of HypeDrop, runs several illegal online casinos. According to the user, large winners are immediately subject to a Know Your Customer (KYC) procedure that has supposedly been made public in the past, especially with their influencers. Additionally, the consumer claims that the KYC procedure is never approved. The user also attacks HypeDrop’s stance on their CSGO gambling sites, which only enables influencers and skin suppliers to carry out both deposits and withdrawals while other users can only deposit.
Alphapo’s attack is the most recent in a slew of DeFi vulnerabilities that have rocked the sector in 2023. Conic Finance, a platform for balancing liquidity pools for the widely-used DeFi protocol Curve, was also recently the victim of a major attack that resulted in the loss of $3.2 million in ether (ETH).
According to a recent report, the second quarter of this year alone saw losses of over $204 million due to DeFi breaches and frauds. Even while the numbers are lower than the prior quarter, when losses exceeded $320 million, the pattern continues to raise major questions about the security procedures and protocols used by DeFi platforms.