Online Gaming Platform Stake.com Loses $40M in Hack

Posted on: September 5, 2023, 02:39h. 

Last updated on: September 6, 2023, 07:20h.

Erik Gibbs Read More
Expertise: Asia Pacific Gaming, Gaming Business, Global Gaming.

Stake.com, the cryptocurrency sports betting and casino gaming platform where the rapper Drake routinely drops million-dollar bets, has become the target of a million-dollar heist. It is the latest victim of hackers that resulted in the loss of over $41 million in cryptocurrency.

Neal Maupay of Stake.com-backed Everton FC on the soccer field
Neal Maupay of Stake.com-backed Everton FC on the soccer field. Stake.com has suffered a hack that led to $40 million in cryptocurrency theft. (Image: Shutterstock)

The attack was initially made public via X (the social media platform formerly known as Twitter) via digital security company Cyvers Alerts. It revealed that the hack was because of a private key leak, adding that it could monitor the hack in real-time.

The theft reportedly hit the Kick backer’s holdings only – not user funds. However, Stake.com turned off withdrawals shortly after it became aware of the attack, restoring them a few hours later.

The account that withdrew the funds has been labeled as “Stake.com Hacker” by Etherscan. The first theft occurred just before 1 p.m. Monday when the hacker(s) transferred approximately $3.9 million of the stablecoin Tether (USDT). Two other transactions for 6,001 Ethereum (ETH), approximately $9.8 million, also occurred.

Big Losses

The hacker(s) later withdrew $1 million in USD Coin (USDC), $900,000 in Dai (DAI), and 333 Stake Classic – the latter’s value was less than $100. The hacker(s) then distributed the funds across various accounts.

A report from Beosin, a security firm, estimated the total loss to be $41.3 million, which included $15.7 million on the Ethereum blockchain and $7.8 million on Polygon. Another $17.8 million from the Binance Smart Chain was also lost.

Stake.com resumed services for users about five hours after halting its activity. It said on social media that Bitcoin, Ripple and Litecoin wallets were unaffected.

Blockchain Security

Most cryptocurrencies operate on public blockchains, meaning all transactions are recorded on a decentralized and transparent ledger. While these transactions are pseudonymous, they can still be traced through addresses.

Exchanges and blockchain analysis firms use sophisticated techniques to cluster multiple addresses together, often called “address clustering.” This helps them determine which addresses are controlled by the same entity, accomplished by analyzing transaction patterns, common input ownership, and other heuristics.

Blockchain analytics companies like Chainalysis and Elliptic provide specialized tools and services to trace cryptocurrency transactions. They gather and analyze data from various sources to track the movement of stolen funds. These tools can uncover patterns, commonalities, and potential connections among addresses involved in the hack.

In some cases, hackers may use privacy-centric cryptocurrencies like Monero or employ mixing services to obfuscate the origin of stolen funds. While this makes tracing more challenging, it’s not impossible. Some blockchain analysis tools are adapting to track privacy coins, and law enforcement agencies are increasingly focusing on this area.

Beosin recently reported that $656 million in crypto was lost through various scams, hacks, and rug pulls in the year’s first half. This is only 34% of the $1.91 billion reported in the first six months of 2022. It added that 45.5% of the assets had been recovered – only 8% was recovered a year earlier.