On 4th September 2023, Stake.com, a renowned online cryptocurrency casino, experienced a series of abnormal withdrawals, leading to a loss of $41.35 million. The rapid and tactical execution of this hack indicates a possible breach of Stake's hot wallet private keys.
Behind the Breach
The breach commenced with a significant transaction on the Ethereum blockchain, transferring about $3.9 million worth of Tether (USDT) from Stake to the attacker's account. Subsequent transactions involved large amounts of Ether (ETH), USD Coin (USDC), and Dai (DAI).
The Ethereum address associated with the hacker is 0xfe3f568d58919b14aff72bd3f14e6f55bec6c4e0. Following the breach, it appeared that the attacker distributed the ill-gotten funds across multiple accounts, complicating the recovery process.
Financial Impact
The stolen funds included:
Ethereum (ETH): Approximately $15.7M
Polygon: Around $7.8M
Binance Smart Chain (BSC): Nearly $17.8M
North Korea's Involvement
The Federal Bureau of Investigation (FBI) later revealed that the hack on Stake.com was executed by the North Korean Lazarus Group. This notorious cybercrime organization, believed to be associated with the Democratic People’s Republic of Korea (DPRK), has reportedly stolen more than $200 million of crypto in 2023 alone. The FBI's investigation concluded that the attack on Stake.com was a part of the Lazarus Group's extensive cybercrime activities, underscoring the significant threats state-sponsored hackers pose to the crypto industry.
Lessons from the Incident
This incident underscores the inherent risks in the crypto domain. It's worth noting that Stake.com's breach wasn't an isolated event. Earlier in 2023, Alphapo, a payment provider associated with various crypto-gambling platforms, reported a loss of $60 million in suspicious withdrawals, likely made possible by a leak of private keys.
Rivanorth is a global boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit https://rivanorth.com/ to find out more.