A report from crypto investigator ZachXBT states that the North Korean state-backed Lazarus group is allegedly behind the Alphapo hack on July 22 due to the group’s “very distinct fingerprint on-chain.”
Lazarus, the notorious North Korean hacker group, has been linked to yet another multimillion-dollar hack, this time affecting Alphapo, a large payment processor associated with gambling sites and e-commerce platforms.
Several hot wallets associated with Alphapo were emptied of more than $23 million in Ethereum (ETH), Bitcoin (BTC), and Tron (TRX) on July 22, according to crypto investigator ZachXBT.
The initial breach, allegedly carried out by Lazarus, resulted in $6 million in USDT tokens, $108,000 in USDC, 2,500 ETH, and several other tokens being drained and exchanged for various stablecoins and Bitcoin via Avalanche.
ZachXBT tweeted, “It remains unclear at this time how much BTC was stolen.”
Earlier this week, Alphapo suffered a second exploit, with on-chain analytics tools identifying an additional $37 million in stolen Bitcoin and Tron, bringing the total to $60 million.
ZachXBT reported that Lazarus typically “creates a distinct fingerprint on-chain,” indicating that the North Korean group is likely behind the theft.
North Korean Lazarus Group
The Lazarus group is a well-known North Korean cyber organization whose exploits have kept crypto on its toes in recent years.
In the past, the group posed as a venture capital fund in an attempt to disseminate malware, according to blockchain analytics firm Elliptic. The group allegedly stole over $2 billion.
Lazarus stole over $100 million from Atomic Wallet in early June.
The cybercrime syndicate is also linked to the June 2022 $100 million Harmony bridge hack and the July 2022 $190 million Nomad bridge breach.