In September 2023, Stake.com — a crypto-based betting platform — was the victim of a hack. An estimated $41 million was stolen from the platform’s blockchain wallets.
Inside the Attack
The Stake.com incident was initially identified based on a series of anomalous transactions on Ethereum. The attacker stole about $16 million from the casino’s Ethereum accounts as well as $25.6 million stolen on BSC and Polygon.
The attack only involved suspicious transfers from hot wallets with no interaction with smart contracts. As a result, the most likely cause is compromised private keys. An attacker — or malicious insider — with access to the private keys could transfer the stolen value from the casino’s accounts.
Lessons Learned from the Attack
The Stake.com attack was most likely caused by compromised private keys. The protocol claims that all funds are safe and that the attack will have no impact on user funds.
Protecting large amounts of cryptocurrency with a single set of private keys leaves it exposed to stolen keys or rug pulls. To learn more about preventing these attacks, check out our blog on how to keep your private keys safe and our blog on multi-signature wallets.