Image: Art Rachen (unsplash)
Online cryptocurrency platform Stake.com disclosed that its ETH/BSC hot wallets had experienced unauthorized transactions, resulting in the theft of more than $40 million in digital currency.
The platform swiftly confirmed that user funds were unaffected, and all other wallets, including those for BTC, LTC, XRP, EOS, and TRX, stayed operational despite the incident.
During the ordeal, multiple users voiced concerns on various platforms about facing difficulties in executing deposits or withdrawals on Stake.com.
Recently, Stake.com updated its community, notifying them that services were back online, enabling users to transact in all supported currencies.
Blockchain analysis teams, PeckShield and ZachXBT, delving into the transaction details, highlighted that the intruders made away with $15,700,000 in Ethereum and a combined $25,600,000 in Binance Smart Chain (BSC) and Polygon.
These figures consolidate the loss at $41,300,000, marking it as one of the most significant digital currency thefts of 2023.
Given the size of the theft from the Curacao-based gaming platform, speculations arise about potential involvement of major threat groups, though no concrete evidence supports these claims at this juncture. Thus, analysts remain cautious in their conclusions.
Earlier in 2023, GitHub issued alerts about a group known as Lazarus, who were setting up counterfeit accounts on their platform. These accounts aimed at targeting employees of online gaming platforms and others with deceptive tactics and malicious software.
The well-known threat entity, Lazarus, recognized for executing substantial digital currency thefts, showcased an active year. Reports linked them to heists of $35 million from Atomic Wallet in June, $60 million from Alphapo in July, and a subsequent $37.3 million from CoinsPaid within the same month.
Towards the end of the previous month, a certain federal agency flagged alerts about the group intending to liquidate $41 million in stolen digital assets. These warnings were based on observed activities hinting at preparations for money laundering and fund transfers.
As of now, Stake.com has been reserved about divulging specifics related to the security lapse that enabled the intrusion into their hot wallets. These breaches are typically associated with private key exposures or similar vulnerabilities.
Ed Craven, a co-founder of the platform, stated that only a minimal fraction of the platform’s digital currency reserves are housed in hot wallets due to the inherent associated vulnerabilities.