On September 4, withdrawals from the cryptocurrency gaming site Stake totaled $16 million, which security firm Cyvers Alerts is describing as “suspicious transactions.” Etherscan’s designation of the withdrawing account as a “Stake.com Hacker” suggests that the cash may have been siphoned as a result of a private key that was taken.
Unusually large withdrawals, including $3.9 million in Tether and $9.8 million in Ether, were made from Stake to an account with no prior activity.
All the stable coins are converted to $ETH and distributed to different EOAs.
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 4, 2023
Blockchain evidence reveals extremely significant withdrawals from Stake.com contracts into the account of the suspected attacker. At 12:48 pm, the initial transfer was place, moving roughly $3.9 million worth of Tether stablecoin from Stake to the attacker’s account. The following two transactions each removed 6,001 Ether, or $9.8 million at the time of writing. Over the following several minutes, the attacker continued to steal tokens, including almost $1 million in USD Coin, $900,000 in Dai, and 333 Stake Classic (STAKE) ($75.48). The entire value of the crypto drained, according to Cyvers, was $16 million.
The alleged attacker allegedly siphoned off the money and split it among many accounts. Stake hasn’t released a statement about the shady withdrawals as of the time of publication.
Dice games, Blackjack, Lingo, and other casino games are available through the cryptocurrency gambling protocol Stake, along with sports betting for basketball, tennis, volleyball, and other sports.
It’s possible that hackers have targeted cryptocurrency gaming sites before in 2023. Alphapo, a supplier of payments services, had $31 million in erroneous withdrawals on July 23. Hypedrop, Bovada, and Ignition were just a few of the cryptocurrency gaming websites that used Alphapo as a supplier.