One more hack has just hit the cryptocurrency industry… The crypto betting and casino platform Stake announced Monday evening the suspension of all deposits and withdrawals, claiming to have been the victim of the exploitation of a vulnerability of security.
Estimates vary, but the amounts mentioned for this cryptocurrency theft are around $40 million. Note that before Stake publicly acknowledged the hack, it had also been highlighted by several computer security experts, including PeckShield.
Stake resumes service after a few hours of interruption following a hack
“Hey Stake, you might want to take a closer look at this,” the company wrote in a post on X, sharing an etherscan link to suspicious transactions.
Hi @Stake, you may want to take a look: https://t.co/qtoTeXpXWE
— PeckShield Inc. (@peckshield) September 4, 2023
The hack was soon after confirmed by Stake, which declared that “three hours ago, unauthorized transactions were carried out from Stake’s ETH/BSC hot wallets”, adding that investigations are underway, and specifying that “the User funds are safe,
Three hours ago, unauthorised tx’s were made from Stake’s ETH/BSC hot wallets.
— Stake.com (@Stake) September 4, 2023
We are investigating and will get the wallets up as soon as they’re completely re-secured.
User funds are safe.
BTC, LTC, XRP, EOS, TRX + all other wallets remain fully operational.
The stake had also specified that the BTC, LTC, XRP, EOS, and TRX wallets remained fully operational. Less than four hours after this message, Stake posted a new update, announcing that services have resumed, and that “deposits and withdrawals are working instantly again.”
All services have resumed! Deposits & withdrawals are processing instantly for all currencies. We apologise for any inconvenience. 🙏
— Stake.com (@Stake) September 4, 2023
It should be noted, however, that although the hack seems resolved, no official information has been provided on its amount or on the modus operandi of the hacker(s). The case therefore remains to be monitored.
The amount of the hack could exceed 40 million dollars
However, we can note that Cyvers, a renowned blockchain analyst, detected “multiple suspicious transactions” linked to Stake thanks to an AI alert system citing an address receiving approximately $15.7 million in Ethereum (ETH) and several stablecoins, including USDC, USDT and MakerDAO’s stablecoin, DAI.
🚨ALERT🚨Our AI-powered system has detected multiple suspicious transactions with @Stake.https://t.co/0ZoMITOyF5 address received about $16M in $ETH $USDC $USDT and $DAI
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 4, 2023
All the stable coins are converted to $ETH and distributed to different EOAs.
FYI: @tayvano_ @zachxbt pic.twitter.com/CSGwRHEiVm
Another $17.8 million was drained from BSC, while $9.8 million was allegedly stolen from Polygon, according to fellow blockchain analyst ZachXBT. The total amount of the hack could therefore exceed 41 million dollars.
It should also be noted that the attacked wallet holds a remaining balance of $340,000 in ETH and $2.1 million in various altcoins, according to data from Etherscan, funds whose security remains to be confirmed.
Finally, it should be noted that this case did not have any particular impact on the cryptocurrency market, on which indecision still reigns, with Bitcoin which hesitates below the $26,000 threshold.