Stake.com, a popular crypto casino and sportsbook, has resumed all services with instant deposits and withdrawals after losing $41 million worth of cryptocurrencies due to an exploit. The attacker(s) converted the stolen funds to ether and transferred them to multiple wallets. Stake.com assured its users that their funds are safe and that the exploit had been fixed.
According to on-chain analysts and blockchain security firms, the exploit occurred on September 4, when a private key leak allowed the attacker(s) to access Stake.com’s hot wallets on Ethereum, Polygon, and Binance Smart Chain.
The attacker(s) then drained a total of approximately $41 million worth of cryptocurrencies from Stake.com, including 9.62K ETH ($15.7 million), 14.24M MATIC ($7.85 million), and 82.65K BNB ($17.75 million).
The attacker(s) converted the stolen funds to ether (ETH) on decentralized exchanges like Uniswap and SushiSwap and sent them to several external wallets.
Some of the funds were also sent to mixers like Tornado Cash to obfuscate their origin.
How Stake.com Responded
Stake.com quickly detected the exploit and suspended all deposits and withdrawals on its platform. It also notified its users about the incident via Twitter and Telegram and assured them that their funds are safe and that the exploit had been fixed.
Stake.com also said that it is working with law enforcement agencies and blockchain security firms to track down the attacker(s) and recover the stolen funds.
It also offered a $1 million reward for any information that leads to the arrest of the attacker(s).
Stake.com recently announced that all services have resumed, with deposits and withdrawals processing instantly for all currencies. It also thanked its users for their patience and support during this difficult time.
Crypto Exploits in 2023
Stake.com is not the first crypto platform to suffer from an exploit this year. In fact, over $3.7 billion worth of crypto was lost to various hacks and exploits in 2020, although that figure dropped by 70% in the first quarter of 2021.
Some of the notable crypto exploits in 2023 include:
- The Poly Network hack which resulted in the theft of $610 million worth of cryptocurrencies from cross-chain platforms on Ethereum, Polygon, and Binance Smart Chain. The hacker later returned most of the funds after claiming to have done it for fun.
- The Cream Finance exploit which allowed the attacker(s) to borrow $18.8 million worth of AMP tokens from the decentralized lending platform and swap them for ETH. The attacker(s) exploited a reentrancy bug in the AMP token contract.
- The THORChain hack which caused the loss of $8 million worth of ETH from the decentralized exchange connecting blockchains through liquidity pools. The hacker exploited a logic error in the ETH router contract.
These exploits highlight the need for more security and vigilance in the crypto space, as well as more cooperation and coordination among different stakeholders.