Pages:
Author

Topic: I lost all my crypto in Stake.com (Read 360 times)

legendary
Activity: 2632
Merit: 1462
Yes, I'm an asshole
August 23, 2024, 11:07:07 AM
#25
And I looked up in my gmail, and there was no access from outside Brazil, so the hacker did all this without any kind of access to my gmail, just by the stake website.

The sad part is that I took the 2FA out because my phone was having problems turning on and I was afraid I was gonna loose my funds.

Anyway, all the crypto was obtained by me betting with the monthly bonus I received over the years, I never transfer from another wallet or anything like that (but stills hurts loosing them).

If it's any consolation, if we refer to the past and similar case the 2FA won't mean much. The hacker can "bypass" 2FA. The player on the referenced post had his 2FA set in place, and his fund were still nonetheless drained.

So, it's not your fault and stop beating yourself with the "what if... I didn't took the 2FA" thought, because it won't matter, you'll quite likely still got hacked. It's not your fault. Don't dwell on that part. Your situation is already bad enough without you kicking yourself.

And know that though this few days and weeks ahead seems a dreadful living nightmare for you, you're not at rock bottom. See it as a hiccup of your life. You can still get up and brushed the dust from your knees and shoulders, and then keep walking.
newbie
Activity: 11
Merit: 0
August 22, 2024, 03:55:58 PM
#24
The screenshot from the IP activity in my account

https://www.talkimg.com/images/2024/08/18/73dtP.png


the screenshot from the transfers from my account

https://www.talkimg.com/images/2024/08/18/73uLq.png

So you mean the same day a connection has been made from Brazil and another one from the other side of the world, from Latvia in Eastern Europe, and it didn't trigger anything when a password change and several withdrawal requests to new crypto addresses covering all your funds have been made from this new location 11 000 km away? They didn't think one second, that your password could have been compromised by a hacker from Eastern Europe or elsewhere? While they refuse withdrawals to other people KYC level 4 verified because one document they require is missing, saying they could have stolen the identity of someone else LOL  

And I looked up in my gmail, and there was no access from outside Brazil, so the hacker did all this without any kind of access to my gmail, just by the stake website.

The sad part is that I took the 2FA out because my phone was having problems turning on and I was afraid I was gonna loose my funds.

Anyway, all the crypto was obtained by me betting with the monthly bonus I received over the years, I never transfer from another wallet or anything like that (but stills hurts loosing them).
legendary
Activity: 2604
Merit: 2353
August 21, 2024, 03:47:41 PM
#23
The screenshot from the IP activity in my account




the screenshot from the transfers from my account



So you mean the same day a connection has been made from Brazil and another one from the other side of the world, from Latvia in Eastern Europe, and it didn't trigger anything when a password change and several withdrawal requests to new crypto addresses covering all your funds have been made from this new location 11 000 km away? They didn't think one second, that your password could have been compromised by a hacker from Eastern Europe or elsewhere? While they refuse withdrawals to other people KYC level 4 verified because one document they require is missing, saying they could have stolen the identity of someone else LOL  
legendary
Activity: 2632
Merit: 1462
Yes, I'm an asshole
August 19, 2024, 04:56:49 AM
#22
I just changed my Stake's account password to test this and you are right! They didn't request an email verification to approve the changes or even send a notification email.
When I changed my password after the hacker, it sent me a notification in my e-mail. And it sent me another notification when I add the 2FA again. And I disable the 2FA just to do a test, and I got notified too, but when the support disabled the hacker 2FA for me, I didn't get notified, so that's why I thought it was a inside job (be able to do these things and not notify the email related to the account), so I basically just made this accusation in order to see if there was other people with the same problem as me and what they did after.
This is a fucked up security practice that Stake is still continuing. Based on other replies this is not the first time happened, even with the 2FA enabled. Also CS changing things without any email notification will give you a hint in this practice. This will still have similar incident in the future until they made change to it.

A small correction to make things clear and avoid any unintentional misunderstanding, Stake's CS did not change things. They do didn't give any notification upon password change and 2FA activation, but it's not them who change those security measures in the first place.



Thanks for sharing the other cases (the one that happen with the 2FA set in makes me think that the best way for me is just stop betting with stake or any other brand).[...]

Perhaps this is the best way, to stop gambling completely. After all, gambling is intended for fun and recreational purpose. If you don't enjoy it, then it failed its purpose and you'll probably set for a better life without it.
hero member
Activity: 1554
Merit: 880
pxzone.online
August 18, 2024, 04:53:56 PM
#21
I just changed my Stake's account password to test this and you are right! They didn't request an email verification to approve the changes or even send a notification email.
When I changed my password after the hacker, it sent me a notification in my e-mail. And it sent me another notification when I add the 2FA again. And I disable the 2FA just to do a test, and I got notified too, but when the support disabled the hacker 2FA for me, I didn't get notified, so that's why I thought it was a inside job (be able to do these things and not notify the email related to the account), so I basically just made this accusation in order to see if there was other people with the same problem as me and what they did after.
This is a fucked up security practice that Stake is still continuing. Based on other replies this is not the first time happened, even with the 2FA enabled. Also CS changing things without any email notification will give you a hint in this practice. This will still have similar incident in the future until they made change to it.
newbie
Activity: 156
Merit: 0
August 18, 2024, 04:05:45 PM
#20
Expensive lesson,
Wrong to blame Stake for that
newbie
Activity: 11
Merit: 0
August 18, 2024, 02:05:37 PM
#19
and there was my local currency (BRL) too (they only allows you to transfer my local currency to a account with my Social Number in it)

So, the SOAB knowing he couldn't get my BRL, he just bet all of it in a game called Keno and lost it all. Cry
newbie
Activity: 11
Merit: 0
August 18, 2024, 01:50:10 PM
#18
the conversation (it is in portuguese) with the support:

Conversation with Stake.com
Started on August 15, 2024 at 02:21 AM Belgrade time CEST (GMT+0200)

---

02:21 AM | danielpires91: there's 3 transaction from 2 days ago that I didn't do

02:22 AM | danielpires91: someone stole all my USDT, BTC and ETH

02:22 AM | Andrew from Stake.com: Olá, tudo bem?👋
 
 Obrigado por entrar em contato conosco!
 
 Como posso ajudar?

02:22 AM | danielpires91: existe 3 transferências na minha conta que eu não fiz

02:23 AM | danielpires91: simplesmente, alguem entrou e roubou todos os meus USTD, BTC e ETH

02:23 AM | danielpires91: e ate os 136 reais que eu tinha la sumiram

02:23 AM | Andrew from Stake.com: Só um momento, por favor.

02:24 AM | danielpires91: okay

02:29 AM | Andrew from Stake.com: Obrigado por aguardar!
 
 Sentimos muito pelo ocorrido. Se você acredita que a sua conta está comprometida, realize esses passos:
 
 1) Mude a sua senha.
 
2) Oferecemos a autenticação de dois fatores como uma camada extra de proteção. Posso te auxiliar na configuração do 2FA se for o caso.
 
 3) Certifique-se que de está utilizando uma rede de internet segura e em um dispositivo próprio e não de terceiros ou público.
​
4) Você pode encerrar sessões em dispositivos onde você não conhece a localização.
Para isso vá em Conta > Configurações > Sessões e clique em Remover Sessão caso não reconheça uma localização.
 
 O Stake , como segurança, oferece transações PIX utilizando apenas o seu CPF como chave PIX. Se houve uma transação em sua conta em PIX, essa transação foi para a sua conta bancária onde o seu CPF está cadastrado como Chave PIX.
 
 Infelizmente não temos como cancelar essas transações, já que elas foram concluídas e confirmadas.
 
 Caso tenha alguma outra dúvida, por favor, me avise.
 
​

01:34 AM | Stake Support: Olá danielpires91! Você recentemente entrou em contato com nossa equipe de Suporte ao Cliente. Por favor, poderia nos dar alguns segundos para nos dizer o quão satisfeito você está com o atendimento que recebeu, selecionado uma das seguintes opções:

01:34 AM | Stake Support: Classifique a sua conversa

---
Exported from Stake.com on August 18, 2024 at 08:00 PM Belgrade time CEST (GMT+0200)
newbie
Activity: 11
Merit: 0
August 18, 2024, 01:43:09 PM
#17
The screenshot from the IP activity in my account

https://www.talkimg.com/images/2024/08/18/73dtP.png


the screenshot from the transfers from my account

https://www.talkimg.com/images/2024/08/18/73uLq.png
newbie
Activity: 11
Merit: 0
August 18, 2024, 01:36:46 PM
#16
OP, well... Technically Stake is not the one scamming you here, though their lack of countermeasure of a hacking is really concerning. There are, as I recall, two past cases with similar nature. I am not familiar with the older one, so I barely have any idea of how that happened and how the story rolled, but the other one even had his 2FA set in place and it was bypassed as well.

I honestly don't think there is much we can do for this case, but if you don't mind, just to give more context, do you mind to provide that screenshots of conversation with their support? Just so we can see how Stake react to this kind of situation.

Don't worry much about it being in BP, I believe someone trusted will be more than helpful to translate them for us, and we always have our friendly-neighborhood-google-lens that'll do the translation if there is no one to jump in.

Also, what did your IP login session told you?

Thanks for sharing the other cases (the one that happen with the 2FA set in makes me think that the best way for me is just stop betting with stake or any other brand).

I will provide bellow the prints from my stake account with some of the activities.

This is the ETH transaction (from my stake account to the hacker wallet)

https://etherscan.io/tx/0x92e58a838ffbb7e5e14a48d99450563934fc106584aba14a8b63ca276a9d0c3c

If you click in the activities from the account that receive my ETC, you will see a lot of transferings coming from stake (actually there was one just 24 hours ago, but there is one more than a year ago).

Link to see the trasations of the "hacker" wallet:

https://etherscan.io/address/0x7546de9514ab7070a1bd0a385373a099b6ce2027


About the BTC and USDT, were is the transactions:

https://tronscan.org/#/transaction/ba454e1efaf8bc0e3935f7ea55006c4747f31dc9610d56bcd770ada4fc26798f

https://www.blockchain.com/pt/explorer/transactions/btc/d46fcbda2da29461652f1ae8a1fb110cc5681a26b46469654d69b628e7fff84b
newbie
Activity: 11
Merit: 0
August 18, 2024, 01:28:40 PM
#15
This is a sad one, and note that this could be an insider job in the sense that someone close to you may have hard access to your phone or better still clone your phone and is it to carry out this transactions, because aside from you no one have access to a password change, even stake backend policy state that the platform doesn't have aceess to your password, but if such happens and the account is still in order, you can share more evidence by taking screenshot of your account.

Most important the part that covers the time and transactions, both with the password change, so that we could know if the password reset was through email or not.

I don't think it was a insider job from someone next to me because except from my mom, no one knows I bet with stake.com or have any funds in there.

I will provide some information (IP login, support conversation, etc) bellow.
newbie
Activity: 11
Merit: 0
August 18, 2024, 01:14:23 PM
#14

On the other hand, when the hacker accessed your account you should have received an email when he logged in.


That is what I thought too, I always receive this email warning about new login. But this time I did not receive anything (unless the hacker could somehow hack my gmail and delete this warning as soon as it was sent from stake).

But every time I try to login my gmail from a new device, it has a lot of steps, which involves even my phone Samsung S20 FE (I can enter unless I have my phone with me and confirm the login attempt).
legendary
Activity: 2632
Merit: 1462
Yes, I'm an asshole
August 18, 2024, 12:25:51 PM
#13
OP, well... Technically Stake is not the one scamming you here, though their lack of countermeasure of a hacking is really concerning. There are, as I recall, two past cases with similar nature. I am not familiar with the older one, so I barely have any idea of how that happened and how the story rolled, but the other one even had his 2FA set in place and it was bypassed as well.

I honestly don't think there is much we can do for this case, but if you don't mind, just to give more context, do you mind to provide that screenshots of conversation with their support? Just so we can see how Stake react to this kind of situation.

Don't worry much about it being in BP, I believe someone trusted will be more than helpful to translate them for us, and we always have our friendly-neighborhood-google-lens that'll do the translation if there is no one to jump in.

Also, what did your IP login session told you?
hero member
Activity: 770
Merit: 828
Leading Crypto Sports Betting & Casino Platform
August 18, 2024, 11:35:28 AM
#12
I just have one question, how do you know that those address received funds from stake because it's almost impossible to trace the funds in that way by ourselves.


Funds (USDT, ETH, ... ) that are sent from stake can be identified as a stake address.
Looks for example here: https://etherscan.io/address/0x974caa59e49682cda0ad2bbe82983419a2ecc400
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
August 18, 2024, 09:57:25 AM
#11
I just have one question, how do you know that those address received funds from stake because it's almost impossible to trace the funds in that way by ourselves.

And lack of notification about email change is definitely a security flaw but here stake has no reason to be blamed unless you prove that you never let anyone to access your account by any means like can be infected with malware, clipboard hijacker then the hacker able to use your keystrokes and accessed your funds.
legendary
Activity: 2604
Merit: 2353
August 18, 2024, 09:48:13 AM
#10
1. I think it's important you share other details in your report screenshots of your chat with support, email notifications when you changed the 2-factor authentication etc. if you want your claim to look authentic.
2. If the money has already been moved out of your account, there is nothing much they can do to help you, since it was due to your negligence when it came to the security of your funds. This should not even be a scam accusation against Stake.
I'm sorry but I disagree with that, security of the funds doesn't only belong to the customer, it's a shared responsability between the customers and the platform. If the hacker has been able to login from a new IP address (especially one from another country or area), change his password and make a withdrawal to a new crypto address in one go without any email or SMS link/code, there is something wrong in the security policy of the platform.  
hero member
Activity: 1022
Merit: 667
Top Crypto Casino
August 18, 2024, 08:11:50 AM
#9
This is a sad one, and note that this could be an insider job in the sense that someone close to you may have hard access to your phone or better still clone your phone and is it to carry out this transactions, because aside from you no one have access to a password change, even stake backend policy state that the platform doesn't have aceess to your password, but if such happens and the account is still in order, you can share more evidence by taking screenshot of your account.

Most important the part that covers the time and transactions, both with the password change, so that we could know if the password reset was through email or not.
hero member
Activity: 770
Merit: 828
Leading Crypto Sports Betting & Casino Platform
August 18, 2024, 05:50:26 AM
#8

Well, lesson learned.  Cry
You should ALWAYS have 2FA activated, on any site where you are holding funds. Not doing so opens the door for something like this unfortunate case to happen.
Not receiving any notification via email that the password has been changed is not cool though, that's true.

On the other hand, when the hacker accessed your account you should have received an email when he logged in.
Every time I log into my account I get an email looking like this:

newbie
Activity: 11
Merit: 0
August 17, 2024, 07:04:15 PM
#7


I just changed my Stake's account password to test this and you are right! They didn't request an email verification to approve the changes or even send a notification email.

When I changed my password after the hacker, it sent me a notification in my e-mail. And it sent me another notification when I add the 2FA again. And I disable the 2FA just to do a test, and I got notified too, but when the support disabled the hacker 2FA for me, I didn't get notified, so that's why I thought it was a inside job (be able to do these things and not notify the email related to the account), so I basically just made this accusation in order to see if there was other people with the same problem as me and what they did after.
newbie
Activity: 11
Merit: 0
August 17, 2024, 06:56:26 PM
#6

 from what you guys said now, if I’m able to get the previous password of a stake account I’ll be able to change their password, and do whatever I wish to do with that account without the owner getting any security email from them,right?

If you don't have the 2FA on, that's pretty much what can happen.

Pages:
Jump to: