Stake.com Victim of $41 Million North Korean Cyber attack

Popular Australian-based crypto gambling site Stake.com has fallen victim to one of the largest crypto attacks of 2023. The site recently had approximately $41 million worth of Bitcoin, Ethereum, BNB, and Polygon stolen from its wallets. According to the FBI, North Korea’s notorious cybercrime organization Lazarus Group is responsible for the attack.

Cyberattack on Stake.com Confirmed on 4 September

On 4 September, a pair of blockchain monitoring groups started to report suspicious activity on wallets owned by crypto betting platform Stake.com. Cyvers was the first to report an exploit, revealing that multiple suspicious transactions transferred approximately $16 million worth of Ethereum, USDT, USDC, and Dai to multiple addresses.

Later, ZachXBT confirmed the initial attack and revealed an additional $26 million in funds were drained from Binance Smart Chain (BNB) and Polygon (MATIC).

The total amount of crypto stolen from wallets totalled over $41 million. Following the hack, Stake.com suspended all deposits and withdrawals on the platform. However, the suspension was short-lived as the site quickly secured its wallets and resumed normal operations.

While the source of the attacks was not immediately known, the Federal Bureau of Investigations (FBI) in the United States quickly determined the source of the attack.

The Lazarus Group Responsible for Crypto Exploits

It only took a couple of days to figure out the source of the Stake.com exploit. According to the FBI, the Lazarus Group, aka APT38, was responsible for the cyberattack on 4 September. The FBI listed 33 addresses impacted by the exploit, resulting in the theft of approximately $41 million.

According to the FBI, the Lazarus Group is responsible for over $200 million in crypto thefts. The group stole about $60 million of crypto from CoinsPaid and Alphapo around 22 June 2023 and around $100 million from Atomic Wallet on 2 June 2023.

The Lazarus Group is suspected of crypto crimes totalling over $2 billion. This includes a $622 million exploit of the Ronin Network in April 2022. Crypto crime continues to be rampant despite significant reductions in the total number of exploits. Reportedly, crypto crime is down 70% year-over-year, but creative groups still find a way to exploit wallets.

Unfortunately, crypto gambling sites are frequently targeted for such exploits. Often, online casinos don’t take the necessary precautions to secure crypto assets properly. While it can be challenging for the average hacker or thief to hack a crypto wallet, it is not impossible for someone with the proper training and tools.

One way to avoid such exploits is to use a third-party company. However, the exploit of CoinsPaid also shows that even third-party companies can be exploited.

Are Stake.com Player Accounts Safe?

For those who may be concerned over whether their Stake.com funds are safe, the company has already taken appropriate action to secure its accounts. Players will be able to continue playing and cashing out as usual.

While the $41 million exploit is concerning, it is a drop in the bucket to the amount of crypto the website holds. Since August 2022, Stake.com has accepted over $2.1 billion of crypto deposits. The exploit represents a little less than 2% of total deposits.

According to Stake co-founder Ed Craven, the crypto site is responsible for a significant amount of blockchain traffic. He says that Stake.com is responsible for about 15% of all Litecoin transactions, 12% of all Dogecoin, and 6% of all Bitcoin transactions.

Is there any chance that Stake.com will recover its money? Honestly, it is unlikely that will happen unless some third-party negotiations are held. It is much more likely that the company will have to tighten its security and accept the loss. The only bright side to this exploit is that it was relatively small in comparison to total deposits.