The infamous North Korean hacker group Lazarus has been linked to yet another multi-million dollar hack, this time affecting Alphapo, a large payment processor associated with gambling sites and e-commerce platforms.

According to crypto investigator ZachXBT, the exploit began on July 22, when several hot wallets associated with Alphapo were drained of over $23 million via Ethereum (ETH), Bitcoin (BTC), and Tron (TRX).

In the initial hack, purportedly perpetrated by Lazarus, $6 million in USDT tokens, $108,000 in USDC, 2,500 ETH, and several other tokens were drained and swapped into a variety of stablecoins and Bitcoin via Avalanche.


How much native Bitcoin was hacked from Alphapo’s hot wallets has not yet been confirmed, said ZachXBT, who tweeted “It remains unclear at this time how much BTC was stolen.”

Alphapo suffered a second exploit earlier this week when an additional $37 million of stolen Bitcoin and Tron was identified through on-chain analytics tools, which brings the total to $60 million.

Although the details behind the heist are unclear, ZachXBT reported that Lazarus usually “create a very distinct fingerprint on-chain,” suggesting the North Korean group is behind the operation.

ZachXBT did not immediately respond to Decrypt’s request for comment.


Lazarus and crypto

The Lazarus group is a well-known North Korean hacker organization that has kept crypto on its toes over the past years with its exploits.

The group has in the past posed as a venture capital fund in an attempt to spread malware, and blockchain analytics firm Elliptic states it is said to have stolen over $2 billion.

Just this year, Lazarus allegedly pocketed more than $100 million in an attack on Atomic Wallet in early June.

The cybercrime syndicate is also linked to the $100 million Harmony bridge hack in June 2022, and the $190 million Nomad bridge hack that occurred a month after Harmony’s heist.
