Hackers have stolen over $40m in cryptocurrency from the self-styled “world’s leading betting platform,” the firm has revealed.
Curaçao-headquartered Stake.com offers casino and sports betting for players using cryptocurrency. However, the firm flagged on Monday that it had spotted unauthorized transactions being made from its Ethereum (ETH) and Binance Smart Chain (BSC) hot wallets.
“We are investigating and will get the wallets up as soon as they’re completely re-secured. User funds are safe,” it said.
BTC, LTC, XRP, EOS, TRX and “all other wallets” were untouched by the hackers, the firm claimed.
In crypto, hot wallets are less secure than cold wallets because public and private keys can be reached from the internet, enabling remote access and unauthorized activity. This appears to be what happened to Stake.com, although the firm has revealed few other details.
On the same day, Stake.com announced that the issue had been remediated.
“All services have resumed! Deposits & withdrawals are processing instantly for all currencies. We apologise for any inconvenience,” the firm said in another post to X (formally Twitter).
The incident was first flagged by blockchain security company Cyvers, which said its AI monitoring tools had picked up suspicious activity – specifically that $16m worth of Ethereum cryptocurrency had been withdrawn from Stake.com. The stolen crypto was then transferred to other external wallets, the firm claimed.
Further sleuthing by blockchain investigator ZachXBT revealed that an additional $25.6m in BSC and Polygon was drained from the hot wallets.
Hot wallets are a common target for attack by state-sponsored and cybercrime actors. In July, Kaspersky warned of a new malicious email campaign that delivered 85,000 scam messages during the spring of 2023 alone.