Crypto gambling site Stake.com loses 41 million to a hack

Users could not withdraw any funds soon after the hack

Online cryptocurrency casino Stake.com, which has swiftly grown into one of the world’s largest crypto gaming platforms, recently became the target of a massive cyberattack. The attackers successfully pilfered approximately $41 million in cryptocurrencies from the company's hot wallets. Such significant losses from the Curacao-based betting platform have led to speculations regarding the involvement of state-sponsored actors, though no concrete evidence has emerged yet.

The compromised hot wallets were on the Ethereum (ETH), Binance Smart Chain (BSC), and Polygon networks. The breakdown of the stolen funds, as revealed by various blockchain analysts, is as follows:

• $15.7 million from Ethereum
• $25.6 million from Binance Smart Chain (BSC) and Polygon

Immediately after the hack, Stake.com halted all deposits and withdrawals, causing panic and inconvenience among its users. The platform did, however, move swiftly to assure its vast user base that their personal funds were unaffected and safe. Stake.com wrote on Tuesday:^[1]

All services have resumed! Deposits & withdrawals are processing instantly for all currencies. We apologise for any inconvenience.

This rapid response and transparent communication helped to assuage some of the fears and concerns of the Stake.com community. As of now, the services are back to normal, and users can deposit and withdraw in all currencies.

Role of blockchain investigators and prevailing threats

Blockchain investigators such as PeckShield, ZachXBT, and Cyvers have been tracking unauthorized transactions,^[2] providing insights into the hack's details. The assailant converted all siphoned funds to Ethereum before distributing them across various external wallets.

This incident underlines the escalating threats to online cryptocurrency platforms. In recent months, the Lazarus group, a notorious North Korean threat organization, has been linked to several high-profile crypto heists. This group was implicated in the theft of millions from platforms such as Atomic Wallet, Alphapo, and CoinsPaid.

Their modus operandi often includes creating deceptive accounts on platforms like GitHub, which are used to target employees through social engineering and malware. The FBI had recently flagged potential money laundering activities related to a sum similar to that stolen from Stake.com, suggesting the Lazarus group might be cashing out.^[3]

Stake.com’s standing and the wider crypto security landscape

Stake.com's meteoric rise since its inception in 2017 is commendable. Founded by Ed Craven and Bijan Tehrani, it has risen to become the seventh-largest gambling group globally. By 2022, the platform boasted a whopping $2.6 billion in gross gaming revenue, a significant leap from the $105 million reported in 2020.^[4] Apart from its crypto operations, Stake has been diversifying, holding traditional gambling licenses in countries like Mexico and Paraguay.

While Stake.com's credentials and associations with big names like rapper Drake and Formula One team Alfa Romeo have cemented its position as a leading crypto casino, it hasn't been immune to the pervasive threats faced by platforms in this sector. In 2022 alone, hacks and exploits resulted in a loss of over $3.7 billion in cryptocurrencies across various platforms.

This incident at Stake.com emphasizes the need for platforms, especially those in the crypto sector, to continuously enhance and update their security protocols to safeguard against such sophisticated cyber threats.