In the past few years, cryptocurrency platforms have become main targets for threat actors, especially those who made a name for themselves in the cybercrime world. Unfortunately, a few days back, one of the biggest crypto heists of 2023 occurred at the expense of the popular payment processing platform Alphapo.
The North Korean Lazarus hacking group has been wreaking havoc among major entities around the world. And now, blockchain analysts are blaming them for harvesting over $60 million in crypto from Alphapo.
This crypto payment provider is used by several companies and services globally, which means an attack such as this may have a huge impact. How did this happen? How is the company handling this? Find out below.
Lazarus Strikes Again? Alphapo Hit Hard
As we mentioned, cryptocurrency platforms and firms have been targets for threat actors for quite some time now.
That’s because crypto has become very popular among users, especially those who prefer purchasing their goods in an anonymous manner.
Unfortunately, with threat actors around, that anonymity offers little protection. A couple of months ago, cybercriminals targeted cryptocurrency companies with the Parallax RAT.
Before that, Pennywise Stealer made its way onto the scene, harvesting sensitive browser data and cryptocurrency wallets.
This time around, the target is Alphapo, a popular payment provider that caters to gambling sites, e-commerce subscription services, and other online platforms.
At first, crypto analysts estimated that the Lazarus group had harvested an initial $23 million.
According to a tweet by PeckShieldAlert, the stolen funds include 6 million USDT, 108k USDC, 100.2 million FTN, 430k TFL, 2.5k ETH, and 1,700 DAI.
But apparently, it didn’t end there. According to crypto chain investigator ZachXBT, the attackers also managed to steal an additional $37M of TRON and BTC, raising the total amount stolen from Alphapo to $60,000,000.
So, how did Lazarus pull this off? Based on previous attacks attributed to the group, it uses fake job offers to lure employees of crypto firms into opening infected files.
Once employees fall for the trick, their devices are compromised and their account credentials are lost in the process. That’s when Lazarus takes over and performs its malicious activities.
In this particular attack, Dave Schwed, COO of blockchain security company Halborn, claims that the group succeeded by stealing private keys.
Is It Really Lazarus?
So far, nothing’s been confirmed about who’s behind this attack. But according to ZachXBT, the attack seems to have characteristics of a Lazarus heist, as it includes “a very distinct fingerprint on-chain.”
Cryptocurrency platforms are constant targets now, which means extra precautions have to be taken to protect their customers and assets.
To be targeted by Lazarus means a lot. This particular group is capable, and it’s been raiding all sorts of companies and platforms across the globe.
We don’t know if Lazarus is behind this. We’ll have to wait for additional information to confirm everything.