Crypto casino Stake has suffered the theft of more than $40 million in a matter of hours. While Stake has yet to communicate on the matter and some withdrawals and deposits are paused on the platform, observers are favouring a private key leak.
40 million dollars stolen from Stake
The online betting platform Stake appears to have been the victim of the theft of more than $40 million, the amount estimated at the time of writing. The alert was issued by blockchain security firm Cyvers, before being relayed by PeckShield. At the time, the value of the theft was “only” $16 million:
ALERTOur AI-powered system has detected multiple suspicious transactions with @Stakehttps://t.co/0ZoMITOyF5 address received about $16M in $ETH $USDC $USDT and $DAI
All the stable coins are converted to $ETH and distributed to different EOAs.
FYI: @tayvano_ @zachxbt pic.twitter.com/CSGwRHEiVm
– Cyvers Alerts (@CyversAlerts) September 4, 2023
As Cyvers pointed out, the attackers’ main address received Ether, USDT, USDC and DAI. All of the stablecoins were converted to ETH, which in a worst-case scenario could be a pre-emptive move by the attacker(s) to prevent Circle or Tether from freezing the funds involved.
As Taylor Monahan, lead product manager at MetaMask, pointed out, the attackers acted in a very “methodical” way, dispersing the funds over a large number of addresses across different blockchains. It was also at this point that various on-chain analysts noticed that the actual amount of the hack exceeded $40 million, more than double the initial amount.
17.8 million dollars were transferred from Stake’s wallet to the Binance Smart Chain (BSC) and 7.8 million dollars to Polygon (MATIC).
Stake hackers looking quite methodical
ETH
0x3130662aece32f05753d00a7b95c0444150bcd3c
0x94f1b9b64e2932f6a2db338f616844400cd58e8a
0xba36735021a9ccd7582ebc7f70164794154ff30e
0xbda83686c90314cfbaaeb18db46723d83fdf0c83
0x7d84d78bb9b6044a45fa08b7fe109f2c8648ab4eMATIC… https://t.co/jupoEo9G3p pic.twitter.com/KSXmkipjft
– Tay (@tayvano_) September 4, 2023
We can see that such a methodology is very similar to those used previously by the North Korean hackers Lazarus Group. But at present, it remains difficult to know what is really going on, especially as Stake has not communicated officially on the subject, if only to reassure its community.
The only communication that may have something to do with these events is Stake’s latest Telegram message, indicating that withdrawals and deposits of tokens for Ethereum, the Binance Smart Chain and blockchains compatible with the Ethereum Virtual Machine (EVM) have been paused:
At the time of writing, the most plausible hypothesis is a private key leak of unknown cause. One thing’s for sure, all eyes are on Stake’s future statement.