Online cryptocurrency casino Stake.com announced that its ETH/BSC hot wallets had been compromised to perform unauthorized transactions, with over $40 million in crypto reportedly stolen.
The platform immediately reassured users that their funds were safe, and all other wallets not directly impacted by the attack, including those holding BTC, LTC, XRP, EOS, and TRX, remained fully operational.
During that time, several users reported on X that they were impacted by the situation and were unable to deposit or withdraw on Stake.com.
Today, Stake.com informed its community that its services have resumed, and users can now deposit and withdraw in all currencies again.
Blockchain investigators PeckShield and ZachXBT, who followed the money trace, reported that the hackers stole $15,700,000 in Ethereum and another $25,600,000 in Binance Smart Chain (BSC) and Polygon.
This brings the total amount lost to the hack to $41,300,000, making this one of the highest-yielding crypto heists so far in 2023.
The amount stolen from the Curacao-based betting platform is big enough to suspect state-sponsored threat actors, although there’s no evidence pointing to that direction yet, and it’s too early for investigators to draw safe conclusions.
In July 2023, GitHub warned that Lazarus was creating fake accounts on the code-hosting platform to target employees of online gambling firms (among others) with social engineering and malware.
The notorious North Korean threat group’ Lazarus,’ known for its specialization in conducting large crypto-heists, has had a very prolific year.
The threat group was linked to the theft of $35 million from Atomic Wallet in June, $60 million from Alphapo in July, and another $37.3 million from CoinsPaid also in July.
Late last month, the FBI warned of the North Korean hacking group readying to cash $41 million worth of stolen cryptocurrency, with the law enforcement agency observing various signs of money laundering and money movement preparation activity.
At this time, Stake.com has not shared more details about what went wrong with their security that resulted in the hack of their hot wallets, which is typically the result of the private key being leaked or somehow compromised.
The platform’s co-founder Ed Craven said that only a small portion of its digital currency reserves are kept in hot wallets due to their inherent risks.