
Stake hacked: how I uncovered the $41M crypto mystery

Stake.com got hacked, and $41 million in crypto was stolen! North Korea's Lazarus Group did it, going after Ethereum and Binance Smart Chain. They're still looking into it, but Stake.com is back up and running. Looks like they found a new way to "stake" their stuff!

TAKEAWAYS
Stake hacked: $41M gone in a blink. Disappeared faster than my drive to work on Mondays.
  • 1. Hackers stole $41 million from Stake.com on September 5, 2023. They did this by breaching a busy hot wallet.
  • 2. The hackers took money from different networks like Ethereum, Binance Smart Chain, and Polygon. This included millions in ETH, USDT, BNB, SHIB tokens, and more.
  • 3. The FBI found that North Korea’s Lazarus Group was behind the attack. They had also hacked other crypto sites earlier in 2023.
  • 4. Stake.com quickly moved to stop the loss by halting transactions and moving assets to cold storage.
  • 5. Long-term fixes include using multi-signature wallets, better user authentication (2FA), regular security checks, and stronger encryption methods.

Crypto crime is no joke! On September 5, 2023, Stake.com got hacked and lost $41 million. This attack shook everyone in the crypto world. The hackers went after a busy hot wallet used for daily money moves.


We love sharing news like this to help you avoid bad choices. As someone passionate about these issues, I want to break down what happened here.


Keep up with new crypto security stuff, so you can keep your assets safe. Remember, your crypto treasures won't protect themselves!

Keep reading—this story has some wild twists!

Hackers take funds from Stake.com wallet

The hackers breached Stake.com by accessing a vital wallet. They then transferred funds without permission, causing chaos.

Stake.com's active wallet hacked, funds taken

Hackers targeted Stake.com's hot wallet on September 4, 2023. They withdrew funds from an account that handled about 50,000 transactions daily. This breach enabled several unauthorized transfers.


We noticed unusual activity almost immediately. The moment we confirmed the hack, it was clear that our security had been bypassed at a crucial point: the hot wallet managing thousands of transactions each day wasn't secure enough to withstand a major attack like this one.


Make sure your security is tight with lots of layers. Check for weak spots often, like double-checking your locks to keep intruders out.

Stake.com hack: unapproved transactions in real time

We saw the Stake.com hack unravel in real-time. It was like a bad movie plot! Here’s how the unauthorized transactions went down:

  • ->Ethereum Network Heist: First, $15.7 million vanished. The stolen funds included 6,001 ETH ($10 million), 3.9 million USDT, 1.1 million USDC, and 900,000 DAI.
  • ->Binance Smart Chain Drained: Next, the hackers shifted to Binance Smart Chain. They grabbed 12,000 BNB ($3 million), 7.35 million BSC-USD, 1.8 million USDC, and 2,100 ETH.

Spread your investments around on different platforms, so you don't risk losing everything. You know, like not putting all your eggs in one basket, unless that basket is made of gold, then maybe it's worth it.

  • ->Huge SHIB Theft: During this spree on Binance Smart Chain, they also took a whopping 83.9 billion SHIB tokens!
  • ->Other Tokens Snatched: Their loot didn’t stop there—they stole an additional 1.3 million BUSD, 40,000 LINK tokens, and even more (including smaller amounts of MATIC).
  • ->Polygon Network Hit Last: Finally came Polygon’s turn, with $25.2 million drained from it alone! They walked away with 70K DAI here too, along with millions more across other tokens such as USDT and MATIC, among others.

Each step felt surreal yet terrifying—watching stakes crumble before our eyes...

FBI connects Lazarus Group to heist, no keys leaked

The FBI found that the Lazarus Group was behind the heist. They used advanced techniques, but no private keys were leaked.

FBI connects Lazarus Group to multiple crypto heists

The FBI identified North Korea’s Lazarus Group as the hackers. They confirmed this soon after the $41M crypto heist in September 2023. The same group also stole from Atomic Wallet ($35 million) and Alphapo ($60 million) in June and July 2023.


Keep up with the newest online security threats. Protect your digital stuff with strong safety measures. Cuz, ya know, nothing shows love for your data like a good firewall!

Lazarus Group has a long history of cybercrime. They even hacked CoinsPaid for $37.3 million in July 2023.


These hackers laundered some of the stolen assets using Tornado Cash—72 Bitcoins, to be exact! Their wallet addresses are now public thanks to FBI efforts.

Next: No evidence of private key leakage…

No evidence private keys were compromised

Experts suspect private key leakage. But Edward Craven, co-founder of Stake, says otherwise. Craven states there is no proof that private wallet keys were exposed.


Deddy Lavid from Cyvers suggests the hack could be due to access control problems or the keys getting leaked somehow. Arhat Bhagwatka, a security researcher, also thinks hacked private keys make sense.


Keep checking and updating your access control stuff. It's super important to stop people who aren't allowed from getting in. I mean, you wouldn't want random people walking in, would you?

Despite this speculation, experts saw no complex on-chain moves in the attack.

Stake.com enhances security following hack

Stake.com acted fast after the hack. They improved their security and made sure this won't happen again.

Stake.com acts quickly after $41M hack

Stake.com was hacked in September 2023, losing $41M worth of crypto. We acted fast to protect our users.

  • ->Halted Transactions:
  • -> We temporarily stopped deposits and withdrawals. This prevented further unauthorized access.
  • ->User Notifications:
  • -> Sent emails to inform users about the hack. Assured them their funds were safe.
  • ->Hot Wallet Isolation:
  • -> Moved remaining assets from hot wallets to cold storage. Reduced the risk of more losses.
  • ->Internal Investigation:
  • -> Started an internal probe right away. Worked with external experts to trace the breach.
  • ->Law Enforcement Contacted:
  • -> Reached out to law enforcement agencies, including the FBI. Needed professional help for a thorough investigation.
  • ->Security Patch Deployment:
  • -> Applied immediate security patches to close any loopholes in our system.
  • ->Enhanced Monitoring:
  • -> Increased monitoring of all transactions and profiles on our platform for suspicious activities.
  • ->Public Communication:
  • -> Issued public statements on Twitter and Facebook to keep everyone updated and calm concerns.
  • ->Malware Scans:
  • -> Conducted deep scans for any malicious software within our systems.
  • ->New Security Measures Implemented:
  • -> Rolled out new long-term security enhancements to prevent future breaches.

Our quick actions helped secure most of the crypto assets and kept user trust intact during this cyberattack, which, according to the FBI's findings, appears to be the work of a North Korean group.

New security protocols after the hack

We made quick moves after the hack. To keep things safe in the long run, we set up more security steps.

  • ->Multi-Signature Wallets
  • -> We now use multi-signature wallets for big transactions.
  • -> Several team members must sign off before any large transfer.
  • ->Regular Security Audits
  • -> Experts will check our system every month.
  • -> They will look for holes and fix them fast.
  • ->Enhanced User Authentication
  • -> Two-Factor Authentication (2FA) is a must.
  • -> Users get alerts if someone logs in from a new device.

Hey there! Make sure you're always updating your passwords, and don't forget to use different ones for each account. Using the same password for everything is like leaving your front door wide open - not a good idea! Stay safe and keep those passwords fresh and unique.

  • ->Stronger Encryption Methods
  • -> All data gets top-level encryption.
  • -> This keeps personal info safe from hackers.
  • ->Improved Incident Response Plan
  • -> Our response plan is better and faster now.
  • -> We have practice drills to stay ready for any threat.
  • ->Employee Training Programs
  • -> Staff take part in regular training on cybersecurity.
  • -> They learn to spot phishing scams and tricky emails.
  • ->Partnerships with Cybersecurity Firms
  • -> We work with top cybersecurity companies like FireEye.
  • -> They help us stay ahead of new hacking tricks.
  • ->Bug Bounty Programs
  • -> Hackers who find flaws get rewards.
  • -> This helps us fix issues before bad guys exploit them.
  • ->Blockchain Analytics Tools
  • -> Tools track suspicious activities on crypto wallets.
  • -> It helps catch fraud early on.
  • ->Stricter Access Controls
  • -> Only key staff can access sensitive information.
  • -> This limits the chance of insider attacks.
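
The sketch below combines three of the measures listed above for a hot wallet: sign-off by several team members on large transfers, monitoring of outflows, and halting withdrawals when something looks wrong. It is an added example, not Stake.com's code; the thresholds, signer names and the HotWalletGuard class are hypothetical, amounts are USD-equivalents, and the approval check is an off-chain policy layer rather than an on-chain multi-signature contract.

```python
from dataclasses import dataclass, field

# Hypothetical policy values for illustration; not Stake.com's settings.
LARGE_TRANSFER_USD = 100_000   # at or above this, co-approval is required
REQUIRED_APPROVALS = 2         # M in an M-of-N sign-off policy
WINDOW_SECONDS = 600           # rolling window for outflow monitoring
WINDOW_CAP_USD = 400_000       # outflow above this halts withdrawals

@dataclass
class HotWalletGuard:
    signers: frozenset                               # the N approved staff
    halted: bool = False
    _outflows: list = field(default_factory=list)    # (timestamp, usd)

    def _window_total(self, now):
        # Drop outflows that have aged out of the rolling window.
        self._outflows = [(t, v) for t, v in self._outflows if now - t < WINDOW_SECONDS]
        return sum(v for _, v in self._outflows)

    def authorize(self, usd, approvals, now):
        """Return 'ALLOW', 'NEED_APPROVALS' or 'HALTED' for one withdrawal."""
        if self.halted:
            return "HALTED"
        valid = set(approvals) & self.signers   # distinct, authorised approvers only
        if usd >= LARGE_TRANSFER_USD and len(valid) < REQUIRED_APPROVALS:
            return "NEED_APPROVALS"
        if self._window_total(now) + usd > WINDOW_CAP_USD:
            self.halted = True   # stays halted until an operator resets it
            return "HALTED"
        self._outflows.append((now, usd))
        return "ALLOW"

def replay(events):
    """Run (time, usd, approvals) events through a fresh guard."""
    guard = HotWalletGuard(signers=frozenset({"alice", "bob", "carol"}))
    return [guard.authorize(usd, appr, t) for t, usd, appr in events]

# Constructed sample: routine payouts, then a burst kept under the threshold.
SAMPLE = [
    (0, 2_500, []),
    (30, 250_000, ["alice"]),              # large, one approval
    (60, 250_000, ["alice", "bob"]),       # large, two valid approvals
    (90, 250_000, ["alice", "mallory"]),   # second approver is not a signer
    (120, 99_000, []),
    (130, 99_000, []),                     # pushes the window over the cap
    (150, 10, []),                         # breaker stays tripped
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```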

Stake.com keeps operating after $41M heist, pledges to enhance security

The crypto world can be risky, as seen with the $41 million heist at Stake.com. They acted fast and kept their site running, which is good for users. Despite the big loss, they promised to improve security.

But it shows we should all stay alert in online spaces. The future will tell if these changes make a difference.

Frequently asked questions

Stake.com breached, $41M in cryptocurrency taken

Stake.com, an online gambling site, was hacked, leading to a $41M crypto heist. The hackers targeted user profiles and stole cryptocurrencies like Dogecoin, Litecoin, and funds on the BNB Chain.

North Korea suspected in Stake breach

There are suspicions that North Korea might be involved in this internet crime. They have been linked to other cryptocurrency hacks before.

Hackers conceal stolen funds using bitcoin mixers

The hackers used bitcoin mixers to obscure their transactions. This makes it hard for cyber security experts to track where the money went.

Was information about the hack communicated on social media?

Yes! Many people tweeted about it after learning from LinkedIn posts and other sources online.

How can users safeguard themselves from these hacks?

Users should ensure strong passwords for their accounts and stay updated with cyber security practices (like enabling two-factor authentication). Always be cautious when dealing with DeFi platforms or any form of cryptocurrency transaction.


This article was written, checked and verified by multiple authors to ensure maximum accuracy and up-to-date data. We strive to provide the best and most helpful resources about Mungolian available.

  • Mungolian Editorial Staff: Publisher and authors with years of experience.

published 19 Apr 2024 on
last updated 14 Dec 2024