The Stake Hacking Incident has been the talk of the week. The casinos says that players’ accounts are safe.
Stake, perhaps the world’s most prominent crypto casino platform, experienced $41 million in withdrawals on the 4th of September, which blockchain security analysts referred to as “suspicious outflows.” The account responsible for the unauthorized withdrawals has been labeled “Stake.com Hacker” by Etherscan.io, suggesting that the suspiciously stolen funds likely have resulted from a stolen private key.
Stake is a crypto gambling platform offering table games, dice games, slots, and various other casino games. It also facilitates betting for various sports, including football, tennis, basketball, and volleyball. We have reported on them before, as they have struck several deals with well-known streamers and are the backers of Kick. A controversial streaming platform offering competition to Twitch.
Stake confirmed the hacking incident via a post on X, formerly Twitter. The team stated that unauthorized transactions were carried out via the platform’s ETH/BSC hot wallets.
Three hours ago, unauthorised tx’s were made from Stake’s ETH/BSC hot wallets.
We are investigating and will get the wallets up as soon as they’re completely re-secured.
User funds are safe.
BTC, LTC, XRP, EOS, TRX + all other wallets remain fully operational.
— Stake.com (@Stake) September 4, 2023
The team informed the public they were looking into the issue and would re-secure the wallets as quickly as possible. They also revealed that user funds were safe and not affected by the incident.
Ed Craven, the co-founder of Stake, elaborated that the company only holds a limited portion of its cryptocurrency reserves in hot wallets for reasons like this, suggesting that the incurred losses were not significant enough to affect users.
Blockchain data displayed significant amounts from Stake.com contracts withdrawn into the alleged hacker’s account.
The first withdrawal targeting Ethereum took place at 12:48 p.m., transacting around $3.9 million worth of Tether from Stake to the hacker’s account.
The next transaction that followed was the withdrawal of 6,001 Ether, worth nearly $9.8 million at the time of writing.
The hacker then proceeded to transfer tokens, including roughly $1 million worth of USD Coin and $900k worth of Dai. Cyvers Alerts evaluated the total value of the cryptocurrency stolen to be worth $16 million.
The hacker then distributed the funds to multiple accounts after effectively draining them.
According to blockchain security company Beosin, the cyberattack also targeted other chains, including Polygon and BNB Smart Chain. Beosin reported that an additional $17.8 million was lost on BNB Smart Chain and $7.8 million on Polygon, therefore resulting in a total loss of over $41 million.
A few hours after the platform was hacked, with $41.3 million suspiciously withdrawn, Stake reopened deposits and withdrawals and resumed services for its users.
The platform itself confirmed that operations resumed at 9:28 p.m. UTC on the 4th of September, five hours after the platform had confirmed the fact that several illicit transactions took place on Stake’s ETC/BSC hot wallets.
The platform stated that its Bitcoin, XRP, and Litecoin wallets were not affected but still has not shared the cause of the incident and the precise amount stolen. However, Stake confirmed that the funds remain safe.
This is not the first time hackers have targeted online crypto platforms this year. On the 23rd of July, payments provider Alphapo also suffered the loss of $31 million in unauthorized withdrawals.