Crypto gambling site Stake experienced $16 million in withdrawals on Sept. 4 in what security platform Cyvers Alerts is calling “suspicious transactions.” The withdrawing account has been labeled “Stake.com Hacker” by Etherscan, implying that the drained funds may be the result of a stolen private key.
All the stable coins are converted to $ETH and distributed to different EOAs.
— Cyvers Alerts (@CyversAlerts) September 4, 2023
Blockchain data shows very large withdrawals from Stake.com contracts into the alleged attacker’s account. The first transaction occurred at 12:48 pm, transferring approximately $3.9 million worth of stablecoin Tether (USDT) from Stake to the attacker’s account. The next two transactions removed 6,001 Ether (ETH), worth approximately $9.8 million at the current price. The attacker continued to remove tokens over the next few minutes, including approximately $1 million in USD Coin (USDC), $900,000 worth of Dai (DAI) and 333 Stake Classic (STAKE) ($75.48). Cyvers estimated the total value of the crypto drained to be $16 million.
After draining the funds, the alleged attacker distributed them to multiple accounts. At the time of publication, Stake has not made an announcement regarding the suspicious withdrawals.
Stake is a crypto gambling protocol that offers dice games, Blackjack, Lingo and other casino games, as well as sports betting for basketball, tennis, volleyball and others.
This is not the first time in 2023 that crypto gambling sites may have been targeted by hackers. On July 23, payments provider Alphapo suffered $31 million in suspicious withdrawals. Alphapo was a provider for several crypto-gambling sites, including Hypedrop, Bovada and Ignition.
This is a developing story, and further information will be added as it becomes available.