Topic: Stake phishing - page 4. (Read 1418 times)

They wont really be that remaining to be the one of  the most known or popular platform here on crypto space specially on gambling industry if they havent been able to fixed up those kind of problems.
We know that issues and some errors or security concerns could really exist on a platform no matter how reputable or popular it would be on which those kind of possible breaches could happen if ever  there's one but since we are talking about being getting phished then this is something that do talks about users negligence because if account usernamen and password had been known then
there are possible reasons on which it could really be the reason on such access, whether that known phishing method or database leak from Stake itself.

Good thing that the hacker wasnt really able to successfully withdraw those amounts since there's 2FA but its really that sad which they do make out some bets and ended up on loss.
So did Stake compensate at least for the said lost amount? Totally hard to be on Stakes part but verifying out some new IP address access then they might be reconsidering such issue
but i highly doubt that they would be giving back something on what that user have lost.

You have a very good point here bud, sure the attitude of the user is suspicious.
And answering to what Smartvirus said, there is no way Stake them self will engage in such petty stuff, Like I believe I have said here before, if at all the claim of the user is true, then I personally stand on what i have said before on this thread, and that is that, its likely the handiwork of some rogues in the stake team engaging themselves in sending out such phishing emails to users they have seen to have a nice sum on their stake account.

How much is $10k to $20k us dollars compared to what Stake makes every day as profit, that they should engage in such things as trying to scam their users?.

Stake has always been amongst the world leading online crypto casino so far and I believe by now they must have fixed up the mess of the hack they experienced in the past with high sophisticated security apparatus to protect their users and their casino as well.  This casino is a casino I know that does not really take the safety and security of their users and assets for granted.  As everyone has his or her own interest, so stake does and their users are their number one priority when it gets to rendering quality services.

As for messages, every user of the platform can be able to decipher between a fake and scammy email from the original or better still if one doubts the authenticity of an email together with the originality, one is free to contact the customer care for further information because that is the only option to explore it in knowing the authenticity of the email they have received.

Stake is leading crypto casino that has been running for several years and now they have managed to have a very good reputation with customer trust so high that every customer does not need to worry about the security that Stake provides to every customer because customer comfort and security is priority the main.

It is true that some time ago Stake was hacked but now it is running normally and there is nothing to worry about because the team will also do their best so that the hack does not cause customers to suffer losses.
Regarding fake emails we can actually immediately distinguish them if we have been customers of Stake for long time because it is impossible for Stake to send email messages that might seem suspicious.

Now we can go back to playing and betting in complete comfort so don't hesitate to come back and play there.

Suspicious is that the user has been accused and was online even last active today but the user has had no update on the topic for about months and the user has locked the topic without any update. Why anyone will lock the thread without any update?

I don’t know what’s really suspicious about it, some user is being targeted for phishing and that’s it. Now the point of wonder is who is at the end of all these phishing mails, whose the jacket here; is it stakes or some rogue officials within its ranks of any (which I don’t want to believe as stakes have proven to be fair and bigger than petty theft) or it’s the work of some out of the box hackers.

The fact that not just one user is receiving this mails doesn’t narrow things down to stakes but, can go down to vindicate them none the less.
Hackers typically use methods of bulk sms which is mails in this case to reach out to a good number of users. Looking for potential victims in numbers. The chances of success is in the numbers as, you can likely have a not well informed or secured user amongst them.

Best course go solution has always been, not having to respond.

I do not think it is the real accusation as the op of the mentioned thread was last online today but the topic locked about 6 months ago without any proper announcement by the thread starter. Though there is few posts of the OP but there is no update about the case but locked by the starter. So, obviously think there might have something wrong.

This is suspicious...another player also got an email while he was playing - see this thread about how a player got phished out of 150k from his account

OP, some questions.
What exactly were the details of the 3 bets?
Had you ever received these emails prior?
Do you use this email for a lot of things, or just stake?
What was the senders email?

The reason I ask is that I think that it's extremely odd that two players received a phishing email at the time they had a balance. In the other case, stake let the entire amount to be tipped to a brand new user, then withdrawn to a wallet. In this case, the funds were just gambled away.

In both cases there is reasonable suspicion that Stake may have some involvement, as only they can know when a player has a balance and only they stand to benefit by gambling it away in 3 bets...and in the other case, it is highly unusual for a casino to let a brand new account withdraw such a large amount with no checks.

Every one licking stake a** . Yes I know its not stake fault but atleast higher up should have responded on my emails. And explain what went south rather than player who had been phished looking for answer . I contacted customer support and all they did was to restrict my account.

I had to provide all proofs after account was 0.
Wee stake lickers I am glad you all enjoying your reputable site.

Enjoy.
I got my answers and it was hard pill to swallow.

IRL is the way

We know that the phishing link does not choose a place; as long as there is an opportunity, it will immediately be placed where the scammer wants. Then it is also true that customer support in every casino says that the security of our account is up to us as gamblers and how we manage it properly. I agree here and have no questions about this matter.

That's why, if you read here in the forum, most of the communities here are saying to always be prudent and sensitive about the actions and strategies of exploitative scammers or hackers who can steal our assets from our balances on any gambling platform.

Stake had a big vulnerability because of having their own crypto payment gateway. Probably they still have it now. The latest hack only proved it and you are right I suppose hackers were available to track players' transactions and identify "big" players.

The only thing you could do to prevent it is to set max. bet limit like 0,1-0,5 LTC. Some casinos do it manually if there's no such thing in their interface (from my experience - LTC Casino, Cryptoboss - and other SoftSwiss-based crypto casinos can do that).

I hope this issue will be fixed in the future when casinos apply AI to their security systems. For example, if you are an experienced player, AI would analyze your behavior in this way:

1) You never did all-in without getting "tilted".
2) You never placed big bets in Limbo.
3) Unusual IP

=account restricted after the first bet.

Stake has already built a good reputation, and even though they were recently hacked, they are still operational now.

What happened to you is not the fault of Stake; there are a lot of hackers out there. You should know how to determine if an email is legitimate or not. Of course, phishing links are very popular, but there's always a way to verify if the email is genuine or just an attempt to hack you. As a gambler with a significant amount of money in your account, it's essential to educate yourself on ways to protect your funds wisely.

First of all it would be hard for Stake to believe that you lost your balance due to someone else's intervention. Even if they listen to your story then still you won't be able to provide valid proof that you were a victim of a phishing attack. The Stake.com may refund your balance but it's really unlikely to happen. Sometimes gamblers lose their bets and they can come up with similar story but I believe you're telling truth and if you're lucky then Stake will listen to your story and may refund you the balance that you've lost.


I don't know if an hacker can access the internal wallets of the users and if so then they may also have access to e-mail addresses of the users because it's literally impossible to send phishing link to someone without knowing their e-mail address.


Well, it's user's fault who gets phished and if a casino refunds those affected users then it's their goodness. A reputed casino like Stake isn't responsible for someone technical weaknesses but still if they think about refunding those users then it's their generosity.



I know that you have lost funds and anyone who losses funds will have similar reaction as yours but still it's not fair to call Stake.com unsafe because of someone's own fault. Account security has always been players responsibility and if someone gets phished or hacked then the casinos won't be responsible for such thing. I know it's really hard to bear a loss of $8k but sometimes we learn big lessons from our own mistakes. I will say again that it would be generosity of Stake if they refund your balance.

You actually don't get it I suppose, what AHOYBRAUSE is saying is inline with something I've pointed out on this thread like some weeks back, and what he is actually saying is that, the same way the hacker was able to obtain the password for the account, same way also, he can obtain the 2fa code too, all the hacker needs do is to be very fast to make sure he uses to the same 2fa code the user typed in to also login, phishing means that as the hacked user is typing in his password, the hacker is seeing the digits, as he is also typing in his 2fa code, the hacker is also seeing the codes, the user doesn't have to give the code out that way you are thinking ..

The only thing there is that, since he only had the ability to use the code only one time, he can't withdraw or tip any other account, so that was why he decided to waste the money on the account by purposely playing it away .

I've know Stake platform for a long time and they have done really well with their reputation so far, I think OP needs to learn more about phishing before accusing Stake platform of poor security, even if you have the best security, once you give access to anyone apart from you they will easily go through your accounts and withdraw your fund.

To the Stake casino, they will believe you are still the one in control, this is just an example how phishing works, I am not saying this is what really went down, it's your own fault for getting phished, and I do hope that you learn from it instead of blaming a reputable platform.

If you failed to find what went wrong, you will still become a victim again, I am saying this out of experience, they will find access into every other platform where you have accounts, including your Bank account. Stake isn't to be blamed, the problem is on your part.

well if tis is the case, this is clearly a human error. Why would you even give to others your 2FA right? So just take the accountability because you're the only person responsible from it. You are not suppose to give away your security keys and codes.

There is also a possibility that the hacker was using a VPS (Virtual Private Server) service while doing the operations and a VPS wouldn't have the IP address of where the hacker is but it will have an IP address based on the location of the VPS and that can be anywhere in the world. So, I don't really think that OP could get any clue or anything even if the casino management had supplied him the IP address that used his Stake account at that hour.

It's OP's mistake, obviously, and he definitely have learned his lesson. These things teach us that there is no free money anywhere in the world and that we should also never trust emails or messages or any other medium of receiving a promotion unless we are 100% sure that it's official.

https://www.talkimg.com/images/2023/09/15/6NySw.jpeg
https://www.talkimg.com/images/2023/09/15/6NJs9.jpeg

I think phishing has little to nothing to do with account security, because even with a very high security on your account , you still can be phished if you enter your account login details on a phishing site , which is clearly the situation with the op..

Op still had security in his account since the hacker could not withdraw the funds due to 2fa that is enabled on the account, but it's rather unfortunate that instead of leaving the money alone since he can't withdraw it, he decide to waste it, give it back to Stake, same thing like; "if I can't have it, you can't have it too", and this is pure wickedness..

And I hope that Stake will introduce a betting pin for every account, that is, when placing a bet on any game, you have to enter your betting pin (which must be different from your login password) for your bets to be approved for all through that session .

About the IP address, there won't be any I think.
Maybe they are accessing the account through the victims computer.

Sure he used the phishing link to log in but he said he has 2FA. If that's true the hacker only has 30 seconds to use the same 2FA code to also login. After that what can he do? You need 2FA to withdraw or tip any money to other accounts, so there is not enough time anyway.

If they use the account through the infected device there would just be the victims IP and no other one.