Crypto betting platform Stake silent on reported $41M fund drain
Several blockchain security firms, including Peckshield, have reported the suspicious movements of significant funds on crypto-based sports betting platform Stake.
Cyvers platform first reported the incident, noting that about $16 million of stablecoins were converted into Ethereum (ETH). On-chain sleuth ZachXBT corroborated the report, adding that “another $25.6M was drained on Binance Smart Chain (BSC) and Polygon (MATIC).”
This brings the total amount siphoned from the platform to approximately $41 million as of press time.
Stake has yet to respond to CryptoSlate’s request for comment as of press time and has not issued any public statement about the reported exploit.
Are North Korean attackers involved in Stake exploit?
This is not the first incident involving a crypto-gambling platform. Earlier in the year, Alphapo, a cryptocurrency payment service provider for gambling sites like HypeDrop, Bovada, etc., lost more than $60 million to a security breach of its hot wallet. The U.S. FBI reported that the theft was from North Korea-backed state hackers.
Cryptocurrency researcher Tayvano noted that it was too soon to tell if the exploit could be linked to North Korea because of the limited transactions. The researcher added:
“[The] biggest indicator will come from Stake themselves. e.g. if one of their devs has been applying for a lucrative, high-paying job at cryptocom.”
North Korea’s involvement in illicit cryptocurrency activities, mainly through state-supported actors like the Lazarus hacking group, has raised concerns from authorities worldwide. A CryptoSlate report revealed that North Korean-backed hackers had stolen $497 million in cryptocurrencies from U.S. businesses since 2017.
Meanwhile, CertiK, a blockchain security firm, tentatively associated the incident with a potential private key compromise. However, it’s important to note that no definitive confirmation of malicious activity exists.
Despite these speculations, the exact cause of the exploit remains unknown as of press time.