- The withdrawals were flagged by Security firm Cyvers Alerts.
- The cryptocurrencies involved in the withdrawals include USDT, ETH, DAI, USDC and STAKE.
- Alphapo, a supplier of payment services to several crypto-gambling sites saw similar erroneous withdrawals on July 23.
Security firm Cyvers Alerts has flagged withdrawals from the cryptocurrency gambling Slake platform totalling $16 million on September 4 as “suspicious transactions.”
Etherscan’s designation of the withdrawing account as a “Stake.com Hacker” suggests that the cash may have been siphoned as a result of a stolen private key.
How the funds were withdrawn from Stake
Blockchain evidence reveals extremely significant withdrawals from Stake.com contracts into the account of the suspected attacker. $3.9 million worth of Tether (USDT), was transferred from Stake to the attacker’s account in the first transaction, which happened at 12:48 pm. Two other transactions took 6,001 Ethereum (ETH), worth about $9.8 million. The hacker did not stop there. He/she continued to steal tokens, including $900,000 worth of Dai (DAI), 333 Stake Classic (STAKE) worth $75.48, and about $1 million in USD Coin (USDC).
All the stable coins are converted to $ETH and distributed to different EOAs.
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 4, 2023
The alleged attacker allegedly siphoned off the money and split it among many accounts.
Crypto gambling sites hacks
Stake has so far not yet released a statement about the shady withdrawals as of the time of publication. Dice games, Blackjack, Lingo, and other casino games are available through the cryptocurrency gambling protocol Stake, along with sports betting for basketball, tennis, volleyball, and other sports.
It’s possible that hackers have targeted cryptocurrency gaming sites before in 2023. Alphapo, a supplier of payments services, had $31 million in erroneous withdrawals on July 23. Hypedrop, Bovada, and Ignition are just a few of the cryptocurrency gambling websites that used Alphapo as a supplier.