As cryptocurrency adoption grows, so does the likelihood of cryptocurrency hacking. With blockchain breaches and attacks constantly changing, protecting your digital assets is essential.
Numerous cryptocurrency aficionados from around the world have been paying attention to the latest crypto wallet breach on Stake, one of the well-known cryptocurrency online casinos.
Stake is a renowned cryptocurrency gambling platform, similar to Futureplay, that provides casino games, sports betting, and other online gambling options, and accepts cryptocurrency transactions including Bitcoin, Ethereum, Litecoin, and a few more.
According to Edward Craven, the co-founder of Stake.com, the security breach deliberately targeted a hot wallet that was used to facilitate consumers' online payments and withdrawals.
How Did the Hack Occur?
The funds, which included Tether and Ether, were apparently taken via unusually high withdrawals from Stake to a digital wallet with no prior activity. On September 4, $41 million was taken out of the cryptocurrency gambling platform Stake in what blockchain security specialists have dubbed “suspicious outflows.” Etherscan’s labelling of the withdrawing account as “Stake.com Hacker” suggests that the funds may have been siphoned using a stolen private key.
Blockchain evidence reveals very large transfers from Stake.com into the account of the suspected hacker. At 12:48 p.m., the first Ethereum transaction took place, sending about $3.9 million in Tether, a stablecoin, from Stake to the hacker’s account.
The next two transactions each withdrew 6,001 Ether, worth $9.8 million at the time. Over the following several minutes, the attacker proceeded to steal further tokens, including almost $1 million in USD Coin, $900,000 in Dai, and 333 Stake Classic (STAKE) ($75.48). The entire value of the crypto drained, according to Cyvers, was $16 million.
The suspected attackers allegedly siphoned off the money and split it among many accounts.
The hack also affected additional chains, including Polygon and BNB Smart Chain (BSC), according to smart contract auditing firm Beosin. Beosin puts the total losses at $41 million, including further losses of $7.8 million on Polygon and $17.8 million on BSC.
Hackers may have targeted cryptocurrency gaming sites earlier in 2023 as well. Alphapo, a supplier of payment services, had $31 million in erroneous cash withdrawals on July 23. Hypedrop, Bovada, and Ignition were just a few of the cryptocurrency gaming websites that used Alphapo as a supplier.
The crypto casino, which also accepts Bitcoin, has halted all deposits and withdrawals, making it currently impossible for most players to fund their accounts or retrieve money from the platform. The website acknowledged the vulnerability and said that illicit transactions had been carried out using its hot wallets.
This was the statement from the crypto gambling platform on Twitter: Unauthorized transactions were conducted from Stake’s ETH/BSC hot wallets three hours ago. The wallets will be made available as soon as they have been fully resecured while we do our investigation. User money is secure. The following wallets are still fully functional: BTC, LTC, XRP, EOS, TRX, and all others.
Stake.com, a well-known betting site with $2.6 billion in projected revenue in 2022, is also known for its connections to the superstar musical artist Drake and the Formula One team Alfa Romeo. Users are able to deposit and play using cryptocurrencies. According to Stake’s co-founder Ed Craven, 6% of all transactions involving Bitcoin (the first cryptocurrency), 15% of all Litecoin operations, and 12% of all Dogecoin operations occurred through Stake in 2017.
Given that another platform, Alphapo, lost $31 million in erroneous cash outs in July 2023, the loss of such a sizable sum is devastating for the casino and the cryptocurrency industry. The fact that over $3.7 billion in cryptocurrency was lost in various exploits and attacks in 2022 shows how susceptible the sector is to criminals.
Who’s Behind the Attack?
According to Futureplay news, although there is no proof at this time that points that way, the sum taken from the Curacao-based gambling platform is significant enough to raise the possibility that state-sponsored attackers are involved, and it is still far too soon for authorities to reach a firm conclusion.
In July 2023, GitHub issued a warning that Lazarus was setting up fake profiles on the platform in order to use social engineering and malware to go after workers at online gambling companies (among others).
Lazarus, a notorious North Korean threat group recognized for its expertise in carrying out sizable crypto heists, has had a very productive year.
The heists of $35 million from Atomic Wallet in June, $60 million from Alphapo in July, and a further $37.3 million from CoinsPaid, also in July, were all attributed to the threat group.
According to an FBI warning, the North Korean hacking group was preparing late last month to cash out $41 million worth of stolen digital currencies. The warning was based on the law enforcement agency’s observation of several signs of money laundering and preparation to move funds.
As of right now, Stake.com has not provided any additional information regarding the security flaws that led to the hack of its hot wallets. Such hacks are often a consequence of private keys being leaked or otherwise compromised.
Ed Craven, co-founder of the site, stated that due to the inherent hazards of hot wallets, just a tiny fraction of the platform’s digital currency holdings is stored in them.
How Did Stake Respond?
Stake has made the decision to compensate all impacted users up to $100,000. The casino has confirmed that it is looking into the hack and that it will be adding more security measures to guard against future attempts.
How to Prevent Similar Hacks
The following tactics can be used to stop a hack like the one that happened at Stake Casino when hot wallet keys were obtained and used to conduct unauthorized transactions:
Make use of the following crypto wallets
Multi-Signature Wallets
Make use of multi-signature wallets, which require several private keys to approve a transaction. This way, even if one key is stolen, an attacker will be unable to access your money without the additional authorized keys.
MPC Wallets (Multi-Party Computation)
An MPC wallet distributes and manages private key data among numerous parties using cryptographic protocols such that no one entity is privy to the entire private key.
Patch and update frequently
Keep your hot wallet software up to date. Developers of cryptocurrency wallets frequently publish updates that contain security fixes. Apply fixes and upgrades to your wallet software on a regular basis.
Phishing Protection
Watch out for phishing scams. Be careful while downloading files or opening links related to cryptocurrencies, and carefully check the URLs of websites and email senders.
Policy for Cold-to-Hot Transfer
Establish a rule where money is only moved from cold storage to the hot wallet when it’s required for particular transactions. Don’t keep a lot of money in your hot wallet for a long time.
Consistent Security Audits
Audit the security of your hot wallet network on a regular schedule. Hiring a reputable smart contract audit firm to test for weaknesses and evaluate your overall level of security can help with this.
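As an added illustration (not code from Stake or from the original article), the Python example below applies the ideas above to the pattern described earlier in this article: unusually high withdrawals to a wallet with no prior activity. It holds such withdrawals unless enough designated approvers sign off, and caps total hot-wallet outflow per time window. All thresholds, approver names and addresses are constructed assumptions, and approvals are checked by name rather than by cryptographic signature.

```python
from dataclasses import dataclass, field

# All values below are constructed for illustration, not taken from any platform.
LARGE_USD = 100_000          # single withdrawal treated as "unusually high"
WINDOW_SECONDS = 600         # rolling window for total hot-wallet outflow
WINDOW_CAP_USD = 1_000_000   # maximum outflow allowed per window
REQUIRED_APPROVALS = 2       # k in a k-of-n approval rule (multi-signature idea)
SIGNERS = {"ops-1", "ops-2", "risk-1"}   # hypothetical approver identities

@dataclass
class HotWalletGuard:
    known_destinations: set = field(default_factory=set)
    recent: list = field(default_factory=list)   # (timestamp, usd) already released

    def evaluate(self, ts, dest, usd, approvals=frozenset()):
        """Return (decision, reasons) for one withdrawal request."""
        reasons = []
        # Drop released withdrawals that have aged out of the rolling window.
        self.recent = [(t, a) for t, a in self.recent if ts - t < WINDOW_SECONDS]
        if dest not in self.known_destinations and usd >= LARGE_USD:
            reasons.append("large withdrawal to address with no prior activity")
        if sum(a for _, a in self.recent) + usd > WINDOW_CAP_USD:
            reasons.append("rolling outflow cap exceeded")
        # Only approvals from designated signers count toward the threshold.
        valid = set(approvals) & SIGNERS
        if reasons and len(valid) < REQUIRED_APPROVALS:
            return "HOLD", reasons
        self.recent.append((ts, usd))
        self.known_destinations.add(dest)
        return "RELEASE", reasons

def replay(requests):
    """Run requests in order through a fresh guard; return the decisions."""
    guard = HotWalletGuard(known_destinations={"0xREGULAR"})
    return [guard.evaluate(*r)[0] for r in requests]

# Constructed requests: (timestamp, destination, usd, approvals)
SAMPLE = [
    (0, "0xREGULAR", 2_500, frozenset()),
    (60, "0xNEW", 3_900_000, frozenset()),
    (120, "0xNEW", 9_800_000, frozenset({"ops-1"})),
    (180, "0xNEW", 50_000, frozenset()),
    (240, "0xPARTNER", 250_000, frozenset({"ops-1", "risk-1"})),
]

if __name__ == "__main__":
    for req, decision in zip(SAMPLE, replay(SAMPLE)):
        print(req[1], req[2], decision)
```

A held withdrawal leaves the guard's state unchanged, so a repeated attempt to the same new address is evaluated from scratch rather than being treated as a known destination.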
Summary
The Stake breach serves as a warning that even some of the most secure cryptocurrency networks are vulnerable to attack. Keep in mind that maintaining security requires continuing effort, and the threat environment is constantly changing.
Individuals should always be cautious about the safety of their digital assets and should take all necessary precautions to protect their private keys. While multi-party computation wallets and account abstraction wallets are two possible security measures, it’s crucial for platforms to protect their funds with extra security methods like multisig wallets.
For a more thorough evaluation and advice, you might also think about speaking with security professionals or smart contract audit companies that specialize in cryptocurrency protection.