The alleged July 23 hack of payments provider Alphapo is estimated to have caused losses in excess of $60 million, according to a July 25 report from on-chain sleuth ZachXBT. The loss was previously reported at around $31 million.
Hack Update: Found another $37 million stolen on TRON & BTC from this hack.
The total stolen amount is now 60 million dollars.
It looks like this hack was probably done by Lazarus as it created a very distinct fingerprint in the chain. pic.twitter.com/ACGSXiDwW3
— ZachXBT (@zachxbt) July 25, 2023
Alphapo is a centralized crypto payment provider for subscription e-commerce services, gaming websites and other online businesses. It is known as the provider for the mystery box platform HypeDrop and the gambling games Bovada and Ignition. On July 23, security experts began reporting that its hot wallets appeared to have been drained of at least $21 million, with some sources reporting losses in excess of $31 million.
Alphapo did not comment on the alleged hack at the time, but told Cointelegraph that deposits and withdrawals had been restored with new addresses. The team said funds deposited to old addresses would be “additionally verified.” HypeDrop confirmed that its payment provider had “issues” causing withdrawals to be delayed, but that withdrawals would resume once the issue was resolved.
Neither company confirmed the problems were caused by a hack, but security researchers said large outflows from known hot wallets, combined with halted withdrawals, indicated the funds may have been moved by an attacker.
A new report from ZachXBT identifies an additional $37 million allegedly drained from old addresses on the Tron and Bitcoin networks, bringing the total loss to more than $60 million. Citing data from Dune Analytics, the on-chain sleuth claimed that the Lazarus Group may be behind the attack:
“This hack seems likely to have been done by Lazarus as it produced a very distinct fingerprint on the chain.”
The Lazarus Group is a cybercrime group first identified by a consortium of security researchers led by Novetta in 2014. The group is believed to have ties to the North Korean government.
Alphapo isn’t the only centralized cryptocurrency provider to suffer mysteriously large withdrawals in July. On July 7, cross-chain bridge protocol Multichain suffered more than $100 million in unexplained withdrawals. On July 14, the Multichain team announced that it would cease operations after revealing that these withdrawals were caused by an attacker accessing the protocol’s private keys through a cloud storage service.