Crypto Gambling Platform Stake.com Suffers $41 Million Hack
A hot wallet holding reserve funds of the world's largest crypto betting site, which is responsible for 6% of all Bitcoin traffic, was drained.
Stake.com, the world’s largest crypto-gambling site, suffered a cyberattack on September 4 that resulted in cryptocurrencies worth over $40 million stolen from the company’s reserve hot wallet.
Cybersecurity firm Cyvers was the first to detect multiple irregular transactions linked to a Stake hot wallet and informed the company and other blockchain sleuths.
Hot Wallet Of Crypto Casino Stake.com Hacked For $41 Million
Security analysts immediately got on to the case and found that a suspicious account had initiated a withdrawal transaction of $41.3 million from the crypto casino. The suspect transferred $15.7 million on Ethereum (ETH), $7.8 million through Polygon (MATIC), and $17.8 million via Binance Smart Chain (BSC) networks.
The stolen tokens were ETH, MATIC, BNB, Chainlink (LINK), Shiba Inu (SHIB), and stablecoins DAI, USDT, and USDC.
Stake.com is a crypto gambling platform that offers users the chance to bet on live football, tennis, and basketball games in crypto and earn big by playing casino games such as dice, Blackjack, and Lingo. The company is pretty popular in the sporting industry as it sponsors the English Premier League team Everton and Italian automaker Alfa Romeo’s Formula One racing team.
Experts Beleive Hack May Be The Result Of Stolen Private Keys
After noticing the wallet’s name as “Stake.com Hacker” on Etherscan, cybersecurity experts are implying that the hack may have occurred as a result of stolen administrator keys.
On-chain data reveals that a large amount of tokens were withdrawn from Stake.com contracts and sent to the hacker’s wallet.
The first transaction of the lot occurred on the Ethereum network, where approximately $3.8 million worth of Tether USD (USDT) stablecoins were moved to the suspect’s account. This was followed by 6,001 ETH worth approximately $9.76 million, $1 million in USDC, and $900,000 in DAI transferred to the suspect’s account. The estimated value of the tokens drained through Ethereum adds up to $16 million.
Smart contract auditor Beosin reported that an additional $7.8 million worth of crypto assets held by the company was lost through Polygon (MATIC) and $17.8 million via the Binance Smart Chain (BSC).
Stake Promises Customer Funds Are Safe Despite The Hack
Stake confirmed the attack on X (formerly Twitter) three hours after it took place, stating that “unauthorized” transactions were made from its ETH and BSC hot wallets. Although it did not reveal further details, the company said it is working with blockchain security firms to investigate the case and promised to get the wallets up and running as soon as they were completely re-secured.
For the time being, the platform has suspended all deposits and withdrawals, blocking users from accessing their funds. The measure is seen as a way to protect the company’s available liquidity and to stop a bank run from taking place.
Stake guarantees that user funds were not affected by the hack and are safe in a secured location. Meanwhile, Bitcoin (BTC), Litecoin (LTC), Ripple (XRP), EOS, and Tron (TRX) wallets remain operational on the platform.
Company Co-Founder Says The Hack Was Expected
Ed Craven, co-founder of Stake.com, said the company always keeps a small portion of its crypto reserves in hot wallets because similar attacks could occur at any time. It seems like the crypto was set up as bait for the attackers since the firm totally expected the hack to occur.
Stake.com had integrated a series of rigorous security measures to fully ensure the safety of customers’ data and funds prior to the hack. The platform requires users to set up complex alphanumerical passwords that are difficult to decipher and also offers additional security to user accounts by implementing two-factor authentication methods.
The crypto-betting platform regularly conducts security audits to identify whether it has any vulnerabilities and rectifies them as soon as they are discovered.
However, the latest hack is a big blow to Stake and one that could have severe implications for its future as users are worried about the safety of their funds on the site.
Stake Is Responsible For 6% Of All Global Bitcoin Transactions
The Dune dashboard shows that since August 2022, Stake has had $2.1 billion in cumulative customer deposits locked on its platform. Last year, the company claimed that it was responsible for nearly 6% of all Bitcoin transactions, 12% of all Dogecoin transactions, and 15% of all Litecoin transactions, displaying the sheer size of the gambling platform.