Alphapo & CoinsPaid hack
Two linked crypto payment processors were drained in mid-2023 — about $60M from Alphapo and ~$37M from CoinsPaid — via compromised hot-wallet keys. The FBI attributed both thefts to North Korea's Lazarus Group (TraderTraitor); CoinsPaid said it was breached after months of social engineering.
Also known as: Alphapo, CoinsPaid, Alphapo hack, CoinsPaid hack
Summary
In July 2023, the affiliated cryptocurrency payment processors Alphapo and CoinsPaid were hacked in quick succession. On-chain analysts (ZachXBT) put Alphapo's losses around $60 million and CoinsPaid's at about $37 million, drained from hot wallets — likely via leaked or stolen private keys. [1][2]
Attribution and method
The FBI attributed the Alphapo (~$60M) and CoinsPaid (~$37M) thefts, along with the June 2023 Atomic Wallet hack (~$100M), to North Korea's "TraderTraitor"-affiliated actors (also known as Lazarus Group / APT38). CoinsPaid said attackers had surveilled it for roughly six months and used a social-engineering lure (a fake job offer) to gain access — a hallmark DPRK technique. Proceeds were laundered through bridges and mixers such as Sinbad. [1][2]
Bracketed numbers refer to the numbered sources listed below.
People & entities involved
- Lazarus Group (Attributed actor; Organizations & groups): The most widely used name for North Korea's state-sponsored hacking apparatus, run under its Reconnaissance General Bureau. Blamed for the Sony hack, the Bangladesh Bank SWIFT heist, WannaCry, and — since ~2017 — many of the largest crypto thefts ever. Chainalysis puts DPRK's cumulative crypto haul near $6.75B, used to fund the regime's weapons programs.
- TraderTraitor (Attributed actor; Organizations & groups): A North Korea-linked threat cluster (part of the Lazarus umbrella) that the FBI blames for several of the largest exchange thefts, including Bybit ($1.5B), DMM Bitcoin ($305M), and the Ronin/Axie bridge. It favors social engineering of employees and supply-chain compromises.
Sources (2)
See also
- Loci (LOCIcoin) (Tokens): A 2017–2018 ICO for 'LOCIcoin' tied to the InnVenn IP-search platform. The SEC charged Loci and CEO John Wise with fraud for raising $7.6M on false claims about revenue, headcount, and user base; Wise also misused investor funds. Settled with a $7.6M penalty and an officer/director bar.
- Blockchain Terminal (BCT) (Tokens): A 2017–2018 ICO (BCT tokens, ~$30M) for a 'Blockchain Terminal' — a Bloomberg-style crypto trading terminal. The SEC and DOJ said convicted ex-hedge-funder Boaz Manor secretly ran it under a fake identity ('Shaun MacDonald'), using associate Edith Pardo as a front, and lied about the product's adoption.
- Crowd Machine (CMCT) (Tokens)
This page was last updated on Jun 8, 2026.