Join ACCESS EU, the first-of-its-kind digital assets security and DLT summit
JUNE 7TH, 2024 @ EURONEXT AMSTERDAM ⟶
Halborn Logo

// Blog

Explained: Hacks

Explained: The Stake.com Hack (September 2023)


profile

Rob Behnke

September 7th, 2023


In September 2023, Stake.com — a crypto-based betting platform — was the victim of a hack. An estimated $41 million was stolen from the platform’s blockchain wallets.

Inside the Attack

The Stake.com incident was initially identified based on a series of anomalous transactions on Ethereum. The attacker stole about $16 million from the casino’s Ethereum accounts as well as $25.6 million stolen on BSC and Polygon.

The attack only involved suspicious transfers from hot wallets with no interaction with smart contracts. As a result, the most likely cause is compromised private keys. An attacker — or malicious insider — with access to the private keys could transfer the stolen value from the casino’s accounts.

Lessons Learned from the Attack

The Stake.com attack was most likely caused by compromised private keys. The protocol claims that all funds are safe and that the attack will have no impact on user funds.

Protecting large amounts of cryptocurrency with a single set of private keys leaves it exposed to stolen keys or rug pulls. To learn more about preventing these attacks, check out our blog on how to keep your private keys safe and our blog on multi-signature wallets.