Crypto Updates

Stake hack of $41m was performed by North Korean group: FBI

Stake hack of $41m was performed by North Korean group: FBI


The $41 million hack of crypto gambling site Stake was carried about by the North Korean Lazarus Group, the U.S. Federal Bureau of Investigation (FBI) stated in an announcement on September 7. This group was also responsible for the Atomic Wallet, Alphapo, and CoinsPaid attacks in June and July and has stolen more than $200 million of crypto in 2023, the announcement stated.

Stake is a crypto gambling platform that offers Casino games and sports betting. It was the victim of a cyberattack on September 4 that drained over $41 million worth of cryptocurrency from its hot wallets. The Stake team stated that the hacker only obtained a small percentage of funds and that users would not be affected.

According to the FBI statement on September 7, the Bureau has carried out an investigation and has concluded that the attack was performed by the Lazarus Group, a notorious cybercrime organization believed to be associated with the Democratic People’s Republic of Korea (DPRK). DPRK is also known as “North Korea.”

The FBI listed the addresses where the stolen funds are now held, which exist on the Bitcoin, Ethereum, Binance Smart Chain and Polygon networks. They recommended that all crypto protocols and businesses review the addresses used in the hack and avoid transacting with them, stating:

“Private sector entities are encouraged to review the previously released Cyber Security Advisory on TraderTraitor and examine the blockchain data associated with the above-referenced virtual currency addresses and be vigilant in guarding against transactions directly with, or derived from, those addresses.”

Related: FBI flags 6 Bitcoin wallets linked to North Korea, urges vigilance in crypto firms

The U.S. agency also blamed Lazarus for the Alphapo, Coinspaid and Atomic Wallet hacks, stating that losses from all of these hacks adds up to over $200 million the group has stolen in 2023. Alphapo is a payment processor that suffered over $65 million in suspicious withdrawals on July 23. Coinspaid, another payments firm, lost over $37 million through social engineering sometime in late July. And Atomic Wallet users lost a whopping $100 million in June through an unknown exploit.