The infamous Lazarus hacking collective, originating from North Korea, has been identified as the culprit behind the attack on the payment processing platform Alphapo, in which close to $60 million worth of cryptocurrency was stolen.
Acting as a centralized crypto payment provider for platforms such as online gambling sites, e-commerce subscription services, and other online interfaces, Alphapo fell victim to the attack on Sunday, July 23rd. Initial estimates have put the amount of stolen crypto at around $23 million.
The loot encompassed over 6 million USDT, 108k USDC, 100.2 million FTN, 430k TFL, 2.5k ETH, and 1,700 DAI, all siphoned from hot wallets. The theft is suspected to have resulted from exposed private keys.
Respected on-chain crypto researcher, known by the alias “ZackXBT”, issued a warning the day before. He reported that an additional $37M worth of TRON and BTC had also been extracted by the attackers, as indicated by data from Dune Analytics. This brings the total sum swiped from Alphapo up to a staggering $60,000,000.
Furthermore, ZackXBT suggested that the attack bore the hallmarks of a typical Lazarus raid. He substantiated his claim by pointing out that Lazarus leaves “a distinct on-chain fingerprint,” but refrained from divulging any further information.
The Lazarus Group, a threat entity linked to the government of North Korea, has previously been associated with significant thefts such as the $35 million Atomic Wallet raid, the $100 million Harmony Horizon hack, and the massive $617 million Axie Infinity theft.
A common strategy employed by Lazarus involves sending fake job proposals to crypto firm employees, tricking them into opening malicious files that compromise their systems and expose their account credentials.
This foothold opens a pathway into the victim’s employer network, giving the attackers the illicit access they need to meticulously plan and execute million-dollar heists.
As the stolen funds are traced to cryptocurrency exchanges, analysts have reported witnessing attempts at money laundering via platforms like Bitget, Bybit, and others. Lazarus has also been known to utilize small-scale cryptocurrency mixing services.
Dave Schwed, the COO of blockchain security enterprise Halborn, shared with BleepingComputer that it’s likely the attackers obtained private keys, granting them access to the wallets.
According to Schwed, although the specifics are unclear, the supposed “hack” seems to be linked to the theft of private keys. This deduction was based on the movement of funds out of independent hot wallets and the abrupt cessation of trading. Subsequent transactions led ZackXBT to suspect the infamous Lazarus group as the orchestrators of this operation, and given the group’s track record of similar heists, Schwed agreed with this assessment.
At this juncture, BleepingComputer has yet to independently verify the involvement of the North Korean threat entity in the Alphapo attack with blockchain analysis firms or law enforcement authorities.