Cryptocurrency casino Stake experienced suspicious funds outflow with $15.7m drained on Ethereum and $25.6 m collectively lost in Binance Smart Chain and Polygon.
- On September 4, 2023, the world’s largest Australian cryptocurrency casino and sportsbook platform Stake became a target of a financially motivated cyberattack, losing over $41 million worth of cryptocurrencies.
- The hackers exploited a leaked private key to gain access to Stake’s hot wallets, which contain the platform’s most liquid funds.
- The hackers stole a total of $16 million worth of Ethereum, $17.8 million across the Binance Smart Chain, and $7.8 million in Polygon.
- The hackers converted the stolen funds to Ether and transferred them to multiple externally owned wallets.
- Stake has suspended all deposits and withdrawals and is currently investigating the attack.
According to reports from on-chain analyst Cyvers and blockchain researcher ZachXBT, on September 4, 2023, the world’s largest Australian cryptocurrency casino and sportsbook platform Stake became a target of a financially motivated cyberattack, losing over $41 million worth of cryptocurrencies.
Cyves has dubbed it a suspicious outflow of funds, most of which were sent to an account labelled ‘Stake.com Hacker.’ Further probing revealed that the withdrawals resulted from a leaked private key. The casino apparently was targeted by an exploit.
Etherscan reported that the first transaction to the alleged hacker’s wallet took place at 12:48 pm in which $3.9m worth of Tether was transferred followed by two more transactions draining out 6,001 Ether. Hackers kept removing tokens for the next few minutes, stealing $1m in USD coins. Altogether $16m worth of Ethereum, $17.8 across the Binance Smart Chain, and $7.8m in Polygon were stolen.
On X (former Twitter), Cyves shared news of the incident to alert Stake users about the unauthorized draining of funds:
“ALERT🚨Our AI-powered system has detected multiple suspicious transactions with @Stake. (https://etherscan.io/address/0x3130662aece32f05753d00a7b95c0444150bcd3c) address received about $16M in $ETH $USDC $USDT and $DAI. All the stablecoins are converted to $ETH and distributed to different EOAs.”
The hackers converted the stolen funds to Ether. They transferred the amount to multiple externally owned wallets before the withdrawals stopped, leaving the casino with $340,000 worth of Ether and $2.1m in other altcoins.
The casino suspended all deposits/withdrawals, due to which most users cannot access their funds as of now. The platform also confirmed the breach, stating that unauthorized transactions were made from its hot wallets.
“Three hours ago, unauthorized tx’s were made from Stake’s ETH/BSC hot wallets. We are investigating and will get the wallets up as soon as they’re completely re-secured. User funds are safe. BTC, LTC, XRP, EOS, TRX + all other wallets remain fully operational,” Stake’s statement on X read.
Stake is a popular betting platform known for its affiliation with rapper Drake and the Formula One fame Alfa Romeo, recording $2.6 bn in revenues in 2022. It allows users to deposit/play with cryptocurrencies. As per its co-founder Ed Craven, Stake accounted for 6% of all Bitcoin transactions, 15% of all Litecoin transactions, and 12% of all Dogecoin transactions last year.
The draining of such a hefty amount is a big blow for the casino and the cryptocurrency industry as in July 2023, another platform Alphapo lost $31m in suspicious withdrawals. In 2022, over $3.7bn worth of crypto was lost in different exploits and hacks, and this incident highlights that the industry continues to be vulnerable to cybercrime.
- Hackers drain $25 million in assets from dForce
- Hacker Returns $200 Million Stolen from Euler Finance
- Crypto ATM Manufacturer General Bytes Suffers $1.5m Bitcoin Theft
- Researcher Exposes Cryptocurrency Scam Network of 300 Domains
- Kroll SIM-Swapping Attack Causes Data Breach at 3 Top Crypto Firms