Lazarus Group Responsible For $40 Million Stake.com Hack

The FBI has named North Korea's Lazarus Group, a state-sponsored hacking collective, as the party who stole tens of millions of dollars from the online casino. Stake.com is a popular crypto gambling platform that hosts dice games, Blackjack, and other casino games, in addition to sports betting markets.

The theft, which took place on Monday, saw a total of $41 million in different tokens removed from the platform, on multiple chains including Ethereum, BSC, and Polygon. A spokesperson for the platform confirmed the hack and sought to reassure users that their funds had not been affected. Co-founder Ed Craven clarified the limited extent of the damage (the take-home point being that $41 million constitutes only a "small portion" of the platform's total reserves).

No Keys Compromised

Because there were no interactions with Stake's smart contracts, researchers speculated that the most likely vector for the breach was a compromised hot wallet private key.

However, Craven denied that private keys had been stolen, instead stating that it had been a "sophisticated breach" that targeted a service the company used to authorize transactions on the affected chains.

The Lazarus Group has emerged as one of the most prolific perpetrators of cybercrime in recent years. As the FBI comments, "In 2023 alone, DPRK cyber actors have stolen more than $200 million. This amount includes, but is not limited to, approximately $60 million of virtual currency from Alphapo and CoinsPaid on or about July 22, 2023, and approximately $100 million of virtual currency from Atomic Wallet on or about June 2, 2023." Lazarus is also responsible for hacking hundreds of millions of dollars from the Harmony Bridge and Ronin Bridge in 2022.

While a $40 million theft might have spelled the end for many organizations, it was little more than an annoyance for Stake. The company reported revenues of $2.6 billion last year.

Subscribe to our newsletter and follow us on Twitter.