Stake Casino Platform Latest Victim of Cyber Attack Losing $41 Million
Australian-based crypto casino site Stake.com faced a security breach, resulting in a massive loss of around 41M in cryptocurrency. The incident, which happened on 4th September 2023, was initially made public via X (formerly known as Twitter) by Cyvers Alerts – a digital security company and on-chain analyst. According to Cyvers, the hack was due to a private key leak. The analyst also noted that it could monitor the hack in real-time using their AI-powered system.
Stake.com took three hours to acknowledge the attack on its platform. Before confirming the mega heist, the company had sent a notification to users, stating that deposits and withdrawals on Ethereum and BSC/ERC20 networks were undergoing temporary maintenance. The official acknowledgment of the heist was made via X and it included the following message:
“Three hours ago, unauthorized tx’s were made from Stake’s ETH/BSC hot wallets. We are investigating and will get the wallets up as soon as they’re completely re-secured. User funds are safe. BTC, LTC, XRP, EOS, TRX + all other wallets remain fully operational.”
According to Cyvers, the first attack was made at around 1pm on Monday, where the attacker siphoned about $3.9 million in Tether from the Stake’s wallet. In the second transaction, the attacker transferred 6001 Ether, valued at $9.8 million. In addition to that, the attacker got $900,000 worth of DAI, $1 million in USD Coin, and 333 Stake Classic valued at $100. All these crypto were funneled to a hacker-controlled address, which distributed them to several Externally Owned Accounts (EOAS).
Another blockchain analyst known as ZachXBT also found that an additional $25.6 million was siphoned from Stake’s wallets on Binance Smart Chain and Polygon. From the BSC network, $12K BNB and $7.35 million BXC-USD were transferred. Other funds stolen from the network included $1.8M USDC, $1.3MBUSD, $2100 ETH, $40K LINK, $83.9 B SHIB, and $300K MATIC. These cryptos were channeled to a hacker-controlled address and later distributed to multiple external accounts.
The multiple heist transactions in total amounted to $41 million – which was stolen. Two days after the mega heist, the hacker began laundering stolen assets by bringing them from Polygon to Avalanche. The hacker also converted a huge amount of MATIC to BTC. To date, more than 72BTC had been laundered with the remaining cryptocurrencies still in the attacker’s possession.
The Federal Bureau of Investigation (FBI) has since launched the investigation, with preliminary results indicating that Lazarus Group Cyber Actors may have been behind the attack.
Background of Stake Casino
Stake is an online casino & sportsbook founded in 2017. Owned and operated by Medium Rare NV, it is a gaming company licensed and regulated by the Government of Curacao. The company was founded by Australian billionaire Ed Craven and Bijan Tehran. Since its inception, the gambling site has grown rapidly with statistics showing it is the 7th largest gambling group in the world. According to the Financial Times, the gaming site recorded $2.6 billion in gross revenue in 2022, up from $105 million in 2020.
While the Stake Casino officially launched in 2017, its history dates back to 2013 when Craven, Tehran, and Chris Freeman founded Primedice. This is a dice gambling site and is still linked to Stake Casino presently. In 2016, the two founders of Primedice (Craven and Tehran) joined hands and founded Easygo – a business that creates games for online casinos. Craven and Tehran also partnered again in 2017 and co-founded Stake.com. During this time, the site launched with Stake original games such as Plinko, Mines, Hilo, Roulette, and Keno.
Stake Sportsbook was launched later in 2019, a move that was followed by major sports sponsorships across the world. By January 2021, Stake Sportsbook announced a sponsorship with UFC champion Israel Adesanya. Stake.com has since sponsored big names such as heavyweight champion Francis Ngannou, Watford FC, TGP Europe, and Sergio Aguero.
The popularity of Stake Casino has indeed skyrocketed for several reasons. Firstly, it supports a wide variety of cryptocurrencies. Whether you like Bitcoin, Dogecoin, Litecoin, Tron, Ethereum, Ripple, Bitcoin Cash, or Bitcoin Cash, the casino has it all. Secondly, the casino has plenty of betting options for players to choose from. Users can play an array of casino games including table games, slot machines, table games, video poker, and live dealer games. On the other hand, if you are a sports bettor, you can bet on dozens of sports from all over the world including Basketball, Tennis, Soccer, Badminton, Cycling, and Darts.
Other Platforms Hacked in the Past
Stake Casino is not the only sweepstakes gaming site that has fallen victim to cybercriminals. In November 2022, an 18-year-old man named Joseph Garrison from Wisconsin allegedly hacked into the DraftKings sports betting website and hijacked the accounts of over 60,000 users. In court, it was alleged that the perpetrator sold the hacker accounts, allowing buyers to steal over $600,000 from 1600 compromised accounts. The attacker had apparently advised his buyers to add new payment methods and make a small deposit of $5 to verify the accounts before withdrawing all existing funds.
Another leading online casino & sportsbook, William Hill, faced a DDoS attack in 2015. An official statement from the casino indicated that the website was under a Distributed Denial of Service attack in which the site was flooded with heavy traffic. This traffic locks users outside the system, preventing them from placing bets. While William Hill managed to restore services within 24 hours, the damages to the company’s finances were long-lasting.
Conclusion
The recent attack on Stake Casino serves as a clear reminder that hackers are working day and night trying to siphon money from unsuspecting crypto holders. While the attacks dropped by 70% in 2022, there is still a lot that needs to be done to lock hackers outside the system. Crypto gaming sites and other platforms need to put in place robust security measures and proactive incident response mechanisms. The platforms can also use AI-powered systems that are capable of detecting suspicious transactions in real-time.