The infamous North Korean hacker group Lazarus has been attributed to yet another multi-million dollar hack–this time affecting Alphapo, a large payment processor associated with gambling sites and e-commerce platforms.

According to crypto investigator ZachXBT, the exploit began on July 22, when several hot wallets associated with Alphapo were drained for over $23 million–via Ethereum (ETH), Bitcoin (BTC), and Tron (TRX).

The initial hack, purportedly perpetrated by Lazarus registered $6 million in USDT tokens, $108,000 in USDC, 2,500 ETH, and several other tokens drained and swapped into a variety of stablecoins and Bitcoin via Avalanche.

How much native Bitcoin was hacked from Alphapo’s hot wallets has not yet been confirmed, said ZachXBT, who tweeted “It remains unclear at this time how much BTC was stolen.”

Alphapo suffered a second exploit earlier this week when an additional $37 million of stolen Bitcoin and Tron was identified through on-chain analytic tools–which brings the total to $60 million.

Although the details behind the heist are unclear, ZachXBT reported that Lazarus usually “create a very distinct fingerprint on-chain,” suggesting the North Korean group is behind the operation.

ZachXBT did not immediately respond to Decrypt’s request for comment.

Lazarus and crypto

The Lazarus group is a well-known North Korean hacker organization that has kept crypto on its toes over the past years with its exploits.

Posing in the past as a venture capital fund in an attempt to spread malware, blockchain analytics firm Elliptic states the group is said to have stolen over $2 billion.

ERC-20 tokens are the standard token built on Ethereum. Image: Shutterstock.

Lazarus Group Moves 41,000 Ethereum Nabbed From Harmony Bridge Hack

North Korea-linked cybercrime syndicate Lazarus Group has reportedly transferred $63.4 million in Ethereum from 2022’s mammoth Harmony bridge hack, depositing it on Binance, Huobi, and OKX. According to on-chain sleuth ZachXBT, the group used the privacy and anonymity system Railgun before consolidating the funds and depositing them on the exchanges.  Railgun is an Ethereum-based smart contract system that lets users obscure the nature of their crypto transactions, removing identifying informati...

NewsCoins
3 min read
Will McCurdy

Just this year, Lazarus allegedly pocketed more than $100 million in an attack on Atomic Wallet in early June.

The cybercrime syndicate is also linked to the $100 million Harmony bridge hack in June 2022, and the $190 million Nomad bridge hack that occurred a month after Harmony’s heist.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.