According to blockchain security experts, the highly popular crypto betting platform Stake has fallen victim to a major exploit, losing over $40 million in funds.
The crypto casino is backed by the rapper Drake, and many from the crypto community have speculated that the attack could be linked to North Korea.
Stake Targeted In Major Exploit
The exploit was first reported by on-chain analyst Cyvers, who reported that nearly $16 million was withdrawn on the Ethereum network following a private key link. The gambling firm reportedly experienced several unusual transactions on Monday morning Eastern time. Initially, $16 million in ETH, Tether, DAI, and USD Coin left the platform, as reported by Cyvers.
“Our AI-powered system has detected multiple suspicious transactions with @Stake. https://etherscan.io/address/0x3130662aece32f05753d00a7b95c0444150bcd3c address received about $16M in $ETH $USDC $USDT and $DAI All the stable coins are converted to $ETH and distributed to different EOAs.”
Following this, hackers drained an additional $25 million on Polygon and Binance Smart Chain, as reported by the pseudo-anonymous blockchain sleuth ZachXBT. This brought the total amount siphoned from the platform to $41 million.
According to blockchain security firm PeckShield, the transfers looked suspicious if the platform was not under maintenance. However, Stake confirmed after a few hours that the wallet transfers were indeed unauthorized. This meant someone was able to gain access to the company’s wallet and move funds. Stake issued an update on X, stating,
“Three hours ago, unauthorized [transactions] were made from Stake’s ETH/BSC hot wallets. We are investigating and will get the wallets up as soon as they’re completely re-secured. User funds are safe. BTC, LTC, XRP, EOS, TRX + all other wallets remain fully operational.”
The Stake wallet that was targeted still holds around $340,000 worth of ETH and $2.1 million in other altcoins, according to data from Etherscan. As of now, withdrawals from the wallet appear to have been halted, as several social media users claimed.
North Korea Involvement?
This is not the first time a crypto-gambling platform or casino has been targeted. Alphapo, a crypto payment service provider for gambling websites such as Bovada and HypeDrop, was targeted by hackers earlier this year. The platform lost around $60 million after its hot wallet fell to a security breach. An investigation into the attack by the FBI concluded that North Korea-backed hackers orchestrated the attack.
However, cryptocurrency researcher Tayvano noted it was too soon to pinpoint those behind the exploit as being linked to North Korea.
“too soon to tell with just these limited txns. Biggest indicator will come from Stake themselves. e.g., if one of their devs has been applying for a lucrative, high-paying job at cryptocom.”
North Korea has been behind several major exploits in the crypto space and has been heavily involved in illicit cryptocurrency activities. This has been primarily done through state-supported actors like the dreaded Lazarus hacking group. According to a Nikkei-sponsored Elliptic analysis, North Korean hackers were responsible for stealing around $497 million in crypto from US businesses since 2017.
Last year, the crypto space lost around $3.7 billion worth of crypto to hacks and exploits. However, the first quarter of this year has seen this figure drop by 70%.
Stake is an Australian Casino and Sportsbook that allows users to deposit and play with crypto. The platform generated over $2.6 billion in revenue in 2022.
Major Hacks In 2023
The crypto space has seen several major exploits during the year. Just a week ago, the Ethereum automated market maker (AMM) Balancer fell victim to an exploit. Balancer disclosed it had lost approximately $900,000. The news of the exploit came days after the protocol highlighted a vulnerability impacting several of its pools.
Curve Finance also suffered a major exploit, with hackers siphoning off around $70 million from the protocol, in a significant blow to the decentralized finance (DeFi) ecosystem.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source: https://cryptodaily.co.uk/2023/09/crypto-casino-stake-loses-40-million-in-unauthorized-transfers