September 5, 2023
In what could be a significant security breach, Stake, a leading crypto gambling website, experienced unprecedented withdrawals of $16 million on September 4. Cyvers Alerts, a renowned security platform, highlighted these transactions as "suspicious." The Etherscan blockchain explorer has named the recipient account as the “Stake.com Hacker”, pointing to the possibility that this might be a consequence of a compromised private key.
Blockchain data analysis has shown substantial withdrawals from Stake.com's contracts, heading into what is believed to be the attacker's account. The initial transaction, logged at 12:48 p.m., transferred a whopping $3.9 million in Tether (USDT) stablecoin from Stake directly into the suspected hacker's account. This was followed by two other major transactions pulling out 6,001 Ether (ETH) which translates to an approximate value of $9.8 million considering the current market rates. The unauthorized withdrawals didn't stop there. Over the ensuing moments, the suspicious account received close to $1 million USD Coin (USDC), $900,000 in Dai (DAI) stablecoin, and 333 units of Stake Classic (STAKE) equivalent to about $75.48. All these cumulated to the total drained value being pegged at around $16 million by Cyvers.
In a twist to this intriguing saga, the assumed attacker did not hoard the funds. Instead, these were swiftly redistributed across several accounts. As of now, there is radio silence from Stake's side, with no official statement addressing these questionable transactions.
Cyvers Alerts were among the first to highlight this activity. Their tweet read:
"ALERT🚨Our AI-powered system has detected multiple suspicious transactions with @Stake. [Link] address received about $16M in $ETH $USDC $USDT and $DAI. All the stable coins are converted to $ETH and distributed to different EOAs. FYI: @tayvano_ @zachxbt."
Stake is a widely recognized crypto gambling platform, known for its range of offerings from dice games, Blackjack, Lingo, to other casino favorites. It also caters to sports enthusiasts, providing betting avenues for sports like basketball, tennis, and volleyball.
This incident echoes a familiar tune as 2023 has witnessed similar breaches. Notably, Alphapo, a payments provider servicing several crypto gambling platforms, such as Hypedrop, Bovada, and Ignition, reported suspicious withdrawals amounting to $31 million on July 23.
Stay tuned as this story unfolds. New details will be updated as and when they surface.