Yesterday, crypto casino Stake.com suffered a theft of Ethereum (ETH) and BNB worth tens of millions of dollars.
The company has confirmed that unauthorised transactions were made from Stake’s Ethereum and BSC hot wallets, but says that users’ funds are safe.
All other wallets remained operational, so the theft does not affect Bitcoin, Litecoin, XRP, EOS and Tron wallets.
Ethereum and BNB millions stolen from Stake.com crypto casino
Analysis of on-chain transactions revealed that ETH, USDC, USDT and DAI worth a total of $16 million were stolen from the Ethereum wallet.
After subtraction, all stablecoin tokens were converted to ETH. It is believed that they were converted to Ethereum to prevent the stolen funds from being blocked by Tether or Circle.
A total of 6,000 ETH appears to have been misappropriated.
In addition, tokens worth $17.8 million were stolen from the BSC chain and $7.8 million from the Polygon wallet.
In total, the theft netted the thieves approximately $40 million.
The unauthorised transactions took place between 8:52am ET and 10:05am ET yesterday.
According to MetaMask product manager Taylor Monahan, the transactions appear to have been “quite methodical”, leading to speculation that the Stake.com platform was systematically compromised.
In fact, they would have been carried out directly from the platform’s internal systems, thanks to the theft of private keys.
These were hot wallets, not cold wallets with offline keys.
The perpetrators of the theft have not yet been identified.
About the platform
Stake.com is a gambling website that allows people to place bets using cryptocurrencies.
The company is based in Curacao and describes its platform as a leading crypto casino.
It allows people to place bets on sports and online games using BTC, ETH and DOGE.
The platform was launched in 2017, and also allows betting in fiat currencies, such as the US dollar.
The company has had some problems before, but these have been legal in nature. Yesterday’s breach, however, seems to be the first I am aware of.
Although crypto casinos are not the most common online casinos, they have had some success over time, largely due to their anonymity.
By not requiring KYC and allowing deposits and withdrawals in cryptocurrencies, they allow betting from anywhere in the world with anonymity.
This also allows any income to be hidden from tax authorities, as well as the use of unverified funds.
However, Stake.com is one of those crypto casinos with restrictions. For example, it cannot be used from anywhere in the world.
It also has KYC in some cases, so much so that it even asks for IDs from users for whom it needs to verify identity or the origin of funds. It also follows AML (Anti-Money Laundering) and ATF (Anti-Terrorist Financing) guidelines.
As probably the largest crypto casino in the world, this means that anonymity alone is not the winning weapon for this type of online service.
Instead, it is possible that those who use this platform do so primarily because they have cryptocurrency in their wallets that they wish to use to place bets.
Stake.com and crypto theft in Ethereum and BNB
Yesterday’s theft has not disrupted the operation of Stake.com, which continues to operate as normal.
The company has also stated that customer funds are safe and has resumed withdrawals.
At this stage, it is safe to assume that either the stolen funds were the property of the company and not the users, or that the company has sufficient funds in the till to cover the shortfall.
Given that the theft was from hot wallets, it is plausible that it was user funds, but the company appears to believe that it can cover the shortfall in full.
In such cases, withdrawals are sometimes closed indefinitely, raising the prospect of bankruptcy. This does not appear to be the case with Stake.com.