Implications and lessons in crypto security
Stake.com was recently hacked for $41 million. What happened during the accident? How did the crypto casino giant respond to the attack? Crypto implications and lessons.
The September 4 security breach that cost online crypto casino Stake.com $41 million to hackers is one of the most high-profile attacks on the cryptocurrency industry this year. Since the incident, blockchain security analysts and law enforcement have linked the “suspicious flows” to a sovereign state actor – North Korea's Lazar Group.
On September 7, the Federal Bureau of Investigation (FBI) released a report that identified the Lazarus group as responsible for the theft. The FBI also linked several other crypto hacks to the group, including attacks on AlphaPo, CoinPaid, and AtomicWallet. In the year The group is said to be responsible for an attack that stole over $200 million in crypto in 2023 alone.
Understanding what happened
Blockchain data shows that the Stake.com hack began with a transaction on Ethereum, with hackers transferring nearly $3.9 million worth of the stablecoin Tether (USDT).
The attackers then withdrew 6,001 Ether (ETH), worth $9.8 million at the current market price. Also taken were approximately $1 million USD, $900,000 worth of Dai (DAI) and 333 Stake.com Classic (STAKE) tokens at $75.48 each.
While initial reports of stolen crypto funds reached $16 million, it has risen to $41 million.
On September 7, the platform revealed that the hacker had started cross-chain transactions by transferring the funds to the BTC blockchain via a new wallet on Polygon and Avalanche. As of September 8, $4.5 million has been transferred to BTC addresses. Meanwhile, most of the stolen funds, around $36 million, remain on the Ethereum, Polygon and BNB Chain networks.
Stake.com assures its customers that user funds are safe and only a small percentage of the online casino's total funds are affected. But in the midst of the disaster, several fake accounts on X (formerly Twitter) were hacked, with fake updates trying to trick people into clicking phishing links to get refunds.
Understanding hot wallets and cold wallets
Crypto wallets are essential for storing and managing crypto assets. They come in two main types: hot wallet and cold wallet. Both wallets have their own pros and cons. The right wallet depends on how much crypto an individual holds, their security preferences, and how accessible they want their funds to be.
Hot crypto wallets are always connected to the internet, like exchange wallets. They are typically free and allow users to store, send, receive, manage and view their crypto assets. Access is via any internet-enabled device, including phones, tablets and PCs. This is why hot wallets are preferred for easy access and shopping.
But while hot wallets offer convenience and quick transactions, they are less secure when you want to store high-value assets. Compared to cold wallets, the risk of hacking is high.
As cold wallets store assets offline, accessed through hardware devices, the risk of hacking is significantly lower. The use of cold wallets has increased, especially after the collapse of FTX and the hacking of many other centralized crypto exchanges.
Looking at security aspects
Wallets work with public and private keys, which are cryptographically generated letters and numbers that allow crypto transactions. In traditional banking terms, the public key is like a user's username, while the private keys are like the password needed to access the account. . Without it, you cannot access stored cryptocurrencies.
Adding a layer of security to using hot wallets is key, and this can be done in a number of ways, including splitting wallet keys and storing them in different locations. Other controls such as limits on funds transfers, frequency, and eligible receiving addresses may be helpful. Such measures helped limit the Stake.com hacker to the bank pool and ETH/BSC.
Stake.com's response to the hack
According to Stake.com co-founder Ed Craven, the platform owns a small percentage of the crypto holdings in Hot Wallet. However, in an interview with DL News, he stated that the breach was not caused by the hackers obtaining the private keys of the Stake.com hot wallet.
In a blog post on Medium, Craven noted that the company's team acted quickly following the hack and stopped all withdrawals and deposits to prevent further thefts.
This was done in 20 minutes, the malicious elements were disabled and the necessary preventive measures were put in place within 4 hours. As a result, the attack only affected a portion of Stake.com's reserves meant for big wins. Stake.com quickly took off and began offering loans to customers who sent money during the exploit.
Meanwhile, the company is working with law enforcement and cybersecurity experts to try to catch the hackers.
Stack, which supports 18 cryptocurrencies as a payment method, also indicated that the two games affected by the security breach will remain disabled during the investigation.
Lessons for the crypto industry
The recent security breach at Stake.com echoed warnings about the strength of online crypto platform securities. Major security incidents in history, such as Sony's 2011 PSN hack and the 2017 Equifax data breach, have served as critical learning points in their respective sectors.
Likewise, the Stake.com incident highlights the need for strengthened defense mechanisms in the rapidly evolving crypto space. Such exposures, if left unaddressed, can erode not only immediate financial holdings but also long-term reputation.
Considering the risk posed by Stake.com's financial stocks, there is concern about the reliability of cryptocurrency in day-to-day practical business. This lack of consumer and business confidence could translate into potential delays or cost cuts, which is bad for creators, especially those who recently migrated to Kick in search of a more profitable platform. However, if Stake.com can effectively navigate this turmoil and mitigate its effects, its financial health may remain intact.
This breach prompted industry specialists to re-examine the inherent risks of integrating cryptocurrency functionality into platforms similar to Kick. The event serves as a clarion call to companies considering similar mergers.
To strengthen defenses, platforms should emphasize encryption for encrypted transactions, immutable data protection, fairness through random number generator (RNG) protocols, and layered account protections. It is also important to provide secure transaction methods, maintain active monitoring and ensure customer engagement.
Incorporating AI-based fraud detection will be critical for casinos seeking sustainability and adaptability in the face of advanced threats. Regular security reviews and related certifications reinforce the platform's commitment to maintaining a trusted environment for its user base while maintaining its reputation.
Resiliency of Stake.com operations
In the year Founded in 2017 and based in Curacao, Stake.com is one of the leading crypto casinos in the world. The platform is expected to generate $2.6 billion in revenue by 2022, and recent reports indicate that the gambling platform recorded more than 900 million bets in August.
Beyond the main casino function, Stake.com has established a strong relationship with Kick Streaming, which is renowned for supporting popular streamers including Adin Ross, Amoranz and XKX. In particular, the platform has partnered with Drake as a celebrity ambassador to raise his profile in the industry.
The hacking incident highlights the importance of continuous security updates, vigilance and user education to protect both experienced and novice crypto gamblers.
Before the recent hack, Stake.com took various security measures to protect user data and funds. The platform requires complex passwords and has implemented two-factor authentication (2FA) to add an extra layer of security to user accounts. These measures are designed to prevent unauthorized individuals from accessing user accounts.
The company conducts regular security audits to identify and remediate potential vulnerabilities. This is an attempt to stay ahead of cybercriminals. It also used encryption technologies to protect user data and financial transactions.
In addition, the platform warned users that playing high-risk games could expose them to hacking. Safe gambling, also known as responsible gambling, is strongly encouraged.
To play safely, Stake.com advises players to balance gambling with other recreational activities, set a spending plan and time limit, bet reasonable amounts, take breaks and understand the odds and associated risks. The company reminds you not to over-indulge or upset losses during gambling sessions.
However, it should be noted that no security measure is perfect. The Stake.com hack shows that even well-established and well-supported crypto casinos can be vulnerable. The company has pledged to continue investing in cyber security to quickly adapt to emerging threats.
Conclusion
Stake.com has demonstrated greater resilience during the breach by taking significant steps to improve security and protect user data and funds. However, the incident highlights that even well-established crypto platforms are not immune to such attacks.
Taking the critical role of hot wallets beyond the event, Stake.com's strategic use of secure wallets enables quick recovery and protection of users' funds. However, as the industry continues to grow, Hacks emphasizes that crypto casinos, including Stake.com, must prioritize ongoing vigilance, robust security measures and disaster response mechanisms to ensure the security of digital assets.