Rumors circulated that Stake, one of the world’s foremost crypto gambling platforms, was allegedly compromised at around 5 p.m. on September 4th, 2023. Stake.com confirmed the news by releasing a statement on X, saying, ‘Three hours ago, unauthorized transactions were made from Stake’s ETH/BSC hot wallets…’
However, the gambling operator confirmed that all user funds are safe and that every other wallet, besides ETH, Polygon, and BSC, is fully operational.
Immediately after this release, the co-founder of Stake.com reassured stakeholders and prospective users that all is well, stating, ‘Stake keeps a small portion of its crypto reserves in hot wallets at any given moment for these very reasons. All affected wallets should be operational shortly’ in the comments section.
Multiple blockchain investigators, including Cyvers, PeckShield, and ZachXBT, attempted to trace the chain of transactions made by this unknown hacker, revealing transfers into multiple crypto accounts around 5 P.M.
First, there was a transfer of $15.7 million worth of Ethereum. Not long after, a staggering $17.8 million in BSC funds went into another address. To cap off the hack of the year, an additional transfer of $7.8 million went straight to another crypto account.
Barely four hours after Stake released a statement confirming the theft of several million dollars worth of crypto, they announced on X that ‘All services have resumed! Deposits and withdrawals are processing instantly for all currencies. We apologize for any inconvenience.’
In the aftermath of these events, many have attributed this incredible, yet undesirable theft to the notorious North Korean threat group, ‘Lazarus.’ Although, these are mere speculations, as investigations have not yielded any suspects.
Unsurprisingly, this Lazarus group had links to the hacks that led to the pilfering of $35 million from Atomic Wallet in June, $37.8 million from CoinsPaid, and $60 million from Alphapo in July.
Moreover, experts agree that the hacker, whoever they may be, had gotten hold of the private key, which led to the compromise.
Since Stake confirmed the resumption of activities on its platform, they have said nothing about the $41.3 million thievery or the ongoing investigations. Nevertheless, it remains business as usual on Stake.com.