Crypto casino Stake has suffered the theft of more than $40 million in a matter of hours. While Stake has yet to communicate on the matter and some withdrawals and deposits are paused on the platform, observers are favouring a private key leak.
40 million dollars stolen from Stake
The online betting platform Stake appears to have been the victim of the theft of more than $40 million, the amount estimated at the time of writing. The alert was issued by blockchain security firm Cyvers, before being relayed by PeckShield. At the time, the value of the theft was “only” $16 million:
All the stable coins are converted to $ETH and distributed to different EOAs.
– Cyvers Alerts (@CyversAlerts) September 4, 2023
As Cyvers pointed out, the attackers’ main address received Ether, USDT, USDC and DAI. All of the stablecoins were converted to ETH, which could be a pre-emptive move by the attacker(s) to prevent Circle or Tether from freezing the funds involved.
As Taylor Monahan, lead product manager at MetaMask, pointed out, the attackers acted in a very “methodical” way, dispersing the funds over a large number of addresses across different blockchains. It was also at this point that various on-chain analysts noticed that the actual amount of the hack exceeded $40 million, more than double the initial amount.
17.8 million dollars were transferred from Stake’s wallet to the Binance Smart Chain (BSC) and 7.8 million dollars to Polygon (MATIC).
Stake hackers looking quite methodical
– Tay (@tayvano_) September 4, 2023
This methodology is very similar to those previously used by the North Korean hacking group Lazarus Group. But at present, it remains difficult to know what is really going on, especially as Stake has not communicated officially on the subject, if only to reassure its community.
The only communication that may have something to do with these events is Stake’s latest Telegram message, indicating that withdrawals and deposits of tokens for Ethereum, the Binance Smart Chain and blockchains compatible with the Ethereum Virtual Machine (EVM) have been paused.
At the time of writing, the most plausible hypothesis is a private key leak of unknown cause. One thing is for sure: all eyes are on Stake’s future statement.