1. Home
  2. hot wallets

hot wallets

Alphapo payment provider hack now estimated at over $60M — ZachXBT

The on-chain sleuth ZachXBT claims to have found an additional $37 million in losses suffered from the unconfirmed attack.

The alleged Alphapo payments provider hack of July 23 is now estimated to have caused losses exceeding $60 million, according to a July 25 report from on-chain sleuth ZachXBT. The loss was previously reported at roughly $31 million.

Alphapo is a centralized crypto payment provider for e-commerce subscription services, gaming sites and other online businesses. It’s known as the provider for mystery box platform HypeDrop and gambling sites Bovada and Ignition. On July 23, security experts began reporting that the site’s hot wallets appeared to have been drained of at least $21 million, with some sources reporting that the losses exceeded $31 million.

At the time, Alphapo did not comment on the alleged hack, but it did tell Cointelegraph that deposits and withdrawals were being reinstated at new addresses. The team said funds deposited to old addresses will be “additionally verified.” HypeDrop confirmed that its payment provider was “experiencing issues” that were causing withdrawals to be delayed but that withdrawals would be reinstated once the issue was resolved.

Related: Curve omnipool platform Conic Finance hacked for $3.2M in ETH

Neither company confirmed that the issues were caused by a hack, but security researchers have argued that the large outflows from known hot wallets, combined with stalled withdrawals, imply that the funds may have been moved by an attacker.

The new report from ZachXBT identifies an additional $37 million allegedly drained from the old addresses on the Tron and Bitcoin networks, bringing the total to more than $60 million in losses. Citing data from Dune Analytics, the on-chain sleuth argued that the Lazarus Group may be behind the attack:

“This hack appears to likely have been done by Lazarus as they create a very distinct fingerprint on-chain.”

The Lazarus Group is a cybercrime group first identified by a consortium of security researchers led by Novetta in 2014. The group is believed to have ties to the government of North Korea.

Alphapo is not the only centralized crypto provider to have suffered mysteriously large withdrawals in July. On July 7, cross-chain bridging protocol Multichain suffered over $100 million in unexplained withdrawals. On July 14, the Multichain team announced that it would stop operations after revealing that these withdrawals had been caused by an attacker accessing the protocol’s private keys through a cloud storage service.

$200,000 Bitcoin ‘Doable’ in 2025 Courtesy of One Catalyst, Says Venture Capitalist Dan Tapiero

Bitcoin ATM maker shuts cloud service after user hot wallets compromised

Bitcoin ATM manufacturer General Bytes said a hacker was able to install and run a Java application in its terminals that could access user information and send funds from hot wallets.

Bitcoin ATM manufacturer General Bytes has shuttered its cloud services after discovering a “security vulnerability” that allowed an attacker to access users' hot wallets and gain sensitive information, such as passwords and private keys.

The company is a Bitcoin (BTC) ATM manufacturer based in Prague, and according to its website, has sold over 15,000 ATMs to over 149 countries all over the world.

In a March 18 patch release bulletin, the ATM manufacturer issued a warning explaining that a hacker has been able to remotely upload and run a Java application via the master service interface into its terminals aimed at stealing user information and sending funds from hot wallets.

General Byes founder Karel Kyovsky in the bulletin explained this allowed the hacker to achieve the following:

  • "Ability to access the database.
  • Ability to read and decrypt API keys used to access funds in hot wallets and exchanges.
  • Send funds from hot wallets.
  • Download user names, their password hashes and turn off 2FA.
  • Ability to access terminal event logs and scan for any instance where customers scanned private key at the ATM. Older versions of ATM software were logging this information."

The notice reveals that both General Bytes' cloud service was breached as well as other operators' standalone severs. 

“We’ve concluded multiple security audits since 2021, and none of them identified this vulnerability,” Kyovsky said.

Hot wallets compromised

Though the company noted that the hacker was able to “Send funds from hot wallets,” it did not disclose how much was stolen as a result of the breach.

However, General Bytes released the details of 41 wallet addresses that were used in the attack. On-chain data shows multiple transactions into one of the wallets, resulting in a total balance of 56 BTC, worth over $1.54 million at current prices.

General Bytes released the details of 41 wallet addresses used in the attack. Source: General Bytes

Another wallet shows multiple Ether (ETH) transactions, with the total received amounting to 21.82 ETH, worth roughly $36,000 at current prices.

Cointelegraph reached out to General Bytes for confirmation but did not receive a reply before publication.

Related: Bitcoin ATM decline: Over 400 machines went off the grid in under 60 days

The company has urgently advised BTC ATM operators to install their own standalone server and released two patches for their Crypto Application Server (CAS), which manages the ATM's operation.

General Bytes is a Bitcoin ATM manufacturer based in Prague that has sold over 15,000 ATMs worldwide. Source: General Bytes

"Please keep your CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN," Kyovsky wrote.

"Additionally consider all your user's passwords, and API keys to exchanges and hot wallets to be compromised. Please invalidate them and generate new keys & password."

General Bytes previously had its servers compromised via a zero-day attack in September last year that enabled hackers to make themselves the default administrators and modify settings so that all funds would be transferred.

$200,000 Bitcoin ‘Doable’ in 2025 Courtesy of One Catalyst, Says Venture Capitalist Dan Tapiero

Major Cryptocurrency ATM Manufacturer General Bytes Hacked, Over $1.5M in Bitcoin Stolen

Major Cryptocurrency ATM Manufacturer General Bytes Hacked, Over .5M in Bitcoin StolenGeneral Bytes experienced a security incident on March 17 and 18 that enabled a hacker to remotely access the master service interface and send funds from hot wallets, according to the company and sources. The breach forced a majority of U.S.-based crypto automated teller machine (ATM) operators to temporarily shut down. The hacker was able […]

$200,000 Bitcoin ‘Doable’ in 2025 Courtesy of One Catalyst, Says Venture Capitalist Dan Tapiero

Bitcoin Family Says They Are Moving $1M in Crypto to Decentralized Exchanges After FTX Collapse

Bitcoin Family Says They Are Moving M in Crypto to Decentralized Exchanges After FTX CollapseIn October 2017, Netherlands native Didi Taihuttu and his family sold all their valuable belongings and their house for bitcoin. The decision paid off and the Taihuttu family has traveled all around the world and recently moved to the island of Phuket. On Nov. 30, the 44-year-old Didi Taihuttu told CNBC that after storing crypto […]

$200,000 Bitcoin ‘Doable’ in 2025 Courtesy of One Catalyst, Says Venture Capitalist Dan Tapiero

Kraken’s Jesse Powell Takes Aim at Newly Launched Proof-of-Reserve Lists, POR Audit ‘Requires Cryptographic Proof’

Kraken’s Jesse Powell Takes Aim at Newly Launched Proof-of-Reserve Lists, POR Audit ‘Requires Cryptographic Proof’On Tuesday, amid the many conversations concerning crypto exchange proof-of-reserves, Kraken executive Jesse Powell shared a screenshot of coinmarketcap.com’s newly launched proof-of-reserves (POR) dashboard. Powell said he planned to be “more assertive with calling out problems,” and he stressed that a POR audit “requires cryptographic proof of client balances and wallet control.” Jesse Powell Stresses […]

$200,000 Bitcoin ‘Doable’ in 2025 Courtesy of One Catalyst, Says Venture Capitalist Dan Tapiero

Didi Taihuttu Discusses Hiding His Cold Storage Wallets After Selling Everything for Bitcoin 3 Years Ago

Didi Taihuttu Discusses Hiding His Cold Storage Wallets After Selling Everything for Bitcoin 3 Years AgoOver three years ago, a Netherlands native made headlines when he told the world he and his minimalist family sold everything for bitcoin. At that time, Didi Taihuttu and his family sold their home, valuables, and vehicles in order to accumulate the digital asset. Taihuttu recently discussed how things have been after three years, explaining […]

$200,000 Bitcoin ‘Doable’ in 2025 Courtesy of One Catalyst, Says Venture Capitalist Dan Tapiero