Hackers behind $41 mln Stake exploit make moves
- The hackers behind the Stake exploit have moved stolen funds worth $4.8 million thus far.
- The FBI had linked the exploit to the notorious North Korea-backed Lazarus Group.
In a significant development, the hackers who carried out the $41 million exploit on crypto betting platform Stake recently moved tokens worth $328,000.
Notably, blockchain security firm CertiK confirmed that the hackers transferred Binance Coin [BNB] and Polygon [MATIC] tokens worth $328,000 to an external wallet on 11 September. The tokens were then bridged to the Avalanche [AVAX] blockchain.
The @Stake exploiter has transferred 300 BNB to EOA 0x695
Funds have been bridged to AVAX https://t.co/CcfRV7EGps
— CertiK Alert (@CertiKAlert) September 11, 2023
The movement involved 300 BNB and 520,000 MATIC tokens.
The exploit took place only last week, following a “private key leak.” Soon after, the hackers bridged funds worth $4.5 million to some Bitcoin [BTC] addresses using a series of new wallets on Polygon and Avalanche.
Over the past 24 hours, the Hacker has been gradually bridging funds to the BTC Blockchain using a series of new wallets on Polygon and Avalanche.
They have so far bridged $4.5M to BTC addresses, with the remaining $36M still held on ETH/BNB/Polygon.
— Arkham (@ArkhamIntel) September 7, 2023
As of press time, the hackers were reported to have moved stolen funds worth $4.8 million. The theft itself was worth $41 million.
Stake is an Australian casino that allows users to deposit and play with crypto. Australian billionaire Ed Craven founded the company in 2017. Financial Times reported gross gaming revenues generated by Stake in 2022 to be $2.6 billion.
What’s the connection to North Korea?
The Federal Bureau of Investigation (FBI) linked the exploit to the Lazarus Group, the notorious hacking group allegedly backed by the North Korean state.
The U.S. domestic intelligence agency said that actors from the cybercrime syndicate siphoned off funds from the platform to 33 addresses.
The attack on Stake was not out of the blue, though. Software development platform GitHub had already warned of campaigns by North Korean hackers.
The blockchain fraud detection company TRM Labs released a report last month stating that North Korean hackers had stolen crypto assets worth $200 million year-to-date (YTD). Hacks executed by North Korean attackers in 2023 were 10x larger than attacks by other actors.
Last month, Reuters published an article citing a United Nations report, which said that North Korea has been developing nuclear weapons with the support of stolen crypto assets. The country has been at the receiving end of punishing economic sanctions by the West.
These strict sanctions have effectively blocked the doors to the global financial system for the country’s young and unemployed. As a result, many of them seek refuge in the anonymous world of crypto.