In a shocking turn of events, cryptocurrency enthusiasts have fallen victim to yet another major hacking incident. Alphapo, a prominent cryptocurrency platform, recently suffered a devastating attack, resulting in the loss of over $23 million worth of digital assets. The incident, meticulously investigated by cybersecurity firm PeckShield, reveals a complex web of transactions and the involvement of multiple deceptive accounts. Join us as we delve into the details and expose this audacious cybercrime.
Details of the Hack:
According to Zach, a vigilant cryptocurrency researcher, the attackers successfully drained various hot wallets belonging to Alphapo. The stolen digital assets included approximately 6.074 million USDT, $108,000 USDC, 100.2 million FTN tokens, 430,000 TFL tokens, 2,500 ETH, and around 1,700 DAI. All funds were transferred to the address 0x040a…0d17, where the attackers planned their further moves.
The Cybercriminal’s Strategy:
The cunning hackers then embarked on a series of clever maneuvers to obfuscate their tracks and launder the stolen funds. Initially, they swiftly swapped stablecoins and other cryptocurrencies, resulting in the acquisition of 5.73 thousand ETH. Shockingly, these new funds were then utilized to bridge over to Bitcoin using the Avalanche bridge, a decentralized finance protocol. The attackers effectively cleaned their stolen ETH, making it even more challenging to trace the funds.
Further Investigation:
PeckShield’s investigation revealed the destination addresses to which a large portion of the stolen funds was transferred. Approximately 12 million USDT and 5.2 million TRX were detected in the wallet address TKSitn…XDiY, only to be swiftly moved to another address, TDoNAZHa7WxarUAFbQUhiijTGtd7EpbzRh. These addresses serve as critical leads in the ongoing investigation to track down the perpetrators behind this audacious heist.
Impersonation and Phishing Attempts:
In an additional twist to this already intricate incident, Alphapo faced another challenge. A scam account emerged, impersonating the company and attempting to further deceive unsuspecting victims. This fake account, verified by Twitter, shared malicious links disguised as legitimate Alphapo communication. Twitter has been notified of this fraudulent activity and urged to take immediate action.
CertiK Skynet Alerts:
Alphapo is not the only target: other cryptocurrency platforms have also been dealing with fraudulent activity. CertiK Skynet, a renowned cybersecurity company, has sounded the alarm regarding a phishing site, hxxps://arkahaminteilgence.com, advertised on the Twitter account @Arkhamltel. Users are strongly advised not to interact with the site or approve any transactions it requests.
Additionally, CertiK Skynet has uncovered a fake Arbitrum airdrop being promoted on Twitter. The website hxxps://eligible-arbitrum.com/ has been identified as a conduit for wallet-draining activity, posing a significant risk to unsuspecting users.
As the cryptocurrency industry continues to gain traction, cybercriminals are adapting their methods to exploit vulnerabilities. The recent hacking incident targeting Alphapo is a stark reminder of the constant need for heightened security measures within the crypto ecosystem. Cybersecurity firms such as PeckShield and CertiK Skynet play a vital role in detecting and investigating such incidents. It is imperative for users to remain vigilant, exercise caution while interacting online, and report any suspicious activity promptly.