Pages:
Author

Topic: Stake.com Hot wallet robbed for 40Million + usd (Confirmed by stake) - page 2. (Read 800 times)

legendary
Activity: 2018
Merit: 1108
Whenever news like this is released I am a bit suspicious if that wasn't some type of insider job, and I really don't understand why they are keeping so much coins in hot wallet.
If it was an inside job, could it be they accessed more than just the hot wallet? It sounds dumb thought: not many people will have access to those wallets, in which case it shouldn't be long to find the thief.

If it was an inside job and proper access control was in place, it should be trivial to find out who it was. Who knows until we get confirmation.
staff
Activity: 1316
Merit: 1610
The Naija & BSFL Sherrif 📛
LOL well it's a known fact though of what a centralized platform can do. It wouldn't help Stake recover so I'm curious if CZ would really be doing it.
Stake is the richest among the casinos in crypto, certainly, the amount is just peanuts to them Ed will just refund all affected users and go on again to enjoy his stay where ever he is. There is nothing to worry about but there will be preventive measures. What that might be is probably worse than KYC.

He will if all of the coins are still in his Blockchain and they have a strong relationship with CZ. I'm not sure if the number is inflated, but I spoke with a stake insider, who informed me that everything is back on track, that the stake vault was not compromised, that Ed is handling things, and that no player coin was taken. My $64 is still lying there.

Stake made $2.6b in revenue last year so $40m is drop in the ocean for Ed.

If it was an inside job, could it be they accessed more than just the hot wallet? It sounds dumb thought: not many people will have access to those wallets, in which case it shouldn't be long to find the thief.

My source said only the hot wallet was accessed.
hero member
Activity: 1659
Merit: 687
LoyceV on the road. Or couch.
Whenever news like this is released I am a bit suspicious if that wasn't some type of insider job, and I really don't understand why they are keeping so much coins in hot wallet.
If it was an inside job, could it be they accessed more than just the hot wallet? It sounds dumb thought: not many people will have access to those wallets, in which case it shouldn't be long to find the thief.
legendary
Activity: 2212
Merit: 7064
I think I recently saw more than usual number of reports against Stake casino in Scam Accusations board, so maybe that was connected with this hack.
Whenever news like this is released I am a bit suspicious if that wasn't some type of insider job, and I really don't understand why they are keeping so much coins in hot wallet.

There is no need to reverse already confirmed transactions, as Binance can simply freeze the funds and use the BNB Auto-Burn feature to cover the hacked funds back to the Stake. I believe they have already taken similar actions following some major hacks/exploits on the BSC network.
Yeah but boss CZ first needs to give them the green light for that... just showing how ''decentralized'' whole thing is.  Tongue
hero member
Activity: 2800
Merit: 595
https://www.betcoin.ag
CZ's best bet is to freeze those output addresses and have Stake negotiate with those hackers (Ramson, as usual), since I don't believe it's feasible to reverse already confirmed transactions (which I haven't seen before).
It's completely feasible. There are only a handful of BSC "nodes" (if you can even call them that), and all of them are owned and operated by Binance. Binance can do anything they like with the BSC network and all the assets on it. Reverse transactions, seize coins, burn coins, shut the whole thing down.

This is terrifying; you've just destroyed my affection for the BUSD token and the entire BSC Blockchain. Well, I'm not certain the hackers are stupid enough to leave those coins in the BSC Blockchain knowing they could be reversed or frozen..

I agree. I don't know the exact daily withdrawal numbers, but seriously, did they really need that much in one hot wallet? And it wasn't even a multisig, apparently. I mean, every large transaction from the platform goes through a manual verification process anyway.

There is no daily withdrawal limit on stake but if you want to withdraw a large sum then you will be ask to do KYC.

LOL well it's a known fact though of what a centralized platform can do. It wouldn't help Stake recover so I'm curious if CZ would really be doing it.
Stake is the richest among the casinos in crypto, certainly, the amount is just peanuts to them Eddie will just refund all affected users and go on again to enjoy his stay where ever he is. There is nothing to worry about but there will be preventive measures. What that might be is probably worse than KYC.
staff
Activity: 1316
Merit: 1610
The Naija & BSFL Sherrif 📛
CZ's best bet is to freeze those output addresses and have Stake negotiate with those hackers (Ramson, as usual), since I don't believe it's feasible to reverse already confirmed transactions (which I haven't seen before).
It's completely feasible. There are only a handful of BSC "nodes" (if you can even call them that), and all of them are owned and operated by Binance. Binance can do anything they like with the BSC network and all the assets on it. Reverse transactions, seize coins, burn coins, shut the whole thing down.

This is terrifying; you've just destroyed my affection for the BUSD token and the entire BSC Blockchain. Well, I'm not certain the hackers are stupid enough to leave those coins in the BSC Blockchain knowing they could be reversed or frozen..

I agree. I don't know the exact daily withdrawal numbers, but seriously, did they really need that much in one hot wallet? And it wasn't even a multisig, apparently. I mean, every large transaction from the platform goes through a manual verification process anyway.

There is no daily withdrawal limit on stake but if you want to withdraw a large sum then you will be ask to do KYC.
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
And for all the coins stolen on BSC, could Binance not just reverse those transactions since BSC is 100% centralized?

CZ's best bet is to freeze those output addresses and have Stake negotiate with those hackers (Ramson, as usual), since I don't believe it's feasible to reverse already confirmed transactions (which I haven't seen before).

There is no need to reverse already confirmed transactions, as Binance can simply freeze the funds and use the BNB Auto-Burn feature to cover the hacked funds back to the Stake. I believe they have already taken similar actions following some major hacks/exploits on the BSC network.

Keeping such a large sum in a hot wallet is a rookie error for an old casino (Stake). It appears to be an insider hack.

I agree. I don't know the exact daily withdrawal numbers, but seriously, did they really need that much in one hot wallet? And it wasn't even a multisig, apparently. I mean, every large transaction from the platform goes through a manual verification process anyway.
legendary
Activity: 2268
Merit: 18711
Why are legit casinos buying stolen email addresses in the first place? They are not supposed to be sketchy.
The casinos themselves probably didn't know. A data broker will have got their hands on the data in the first place, then started selling it to advertising companies as "Crypto users who are also interested in gambling". The ad companies which these casinos employ will have bought the data and used it.

CZ's best bet is to freeze those output addresses and have Stake negotiate with those hackers (Ramson, as usual), since I don't believe it's feasible to reverse already confirmed transactions (which I haven't seen before).
It's completely feasible. There are only a handful of BSC "nodes" (if you can even call them that), and all of them are owned and operated by Binance. Binance can do anything they like with the BSC network and all the assets on it. Reverse transactions, seize coins, burn coins, shut the whole thing down.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
Of course they are going to say "User funds are safe". If they came out and said "Uhhh, we no longer have enough money to pay everyone back", then they trigger a bank run which rapidly leads to insolvency. So whether or not users funds are actually safe, that is what they are going to say.
If they don't say so, then there will be a total panic, everyone will try to withdraw and the casino will disappear like the tall building demolitions. You are true, they aren't transparent but can' really blame them, sometimes it's better to lie than to be 100% honest.

It's the exact same as when the likes of FTX, BlockFi, Celsius, Voyager, et al. said "Everything is fine" in the days and weeks before going bankrupt. If they are honest then all they do is speed up their own demise.
You will probably find it funny that Binance has posted this article: Know Your Scam: How to Spot, Report, and Avoid Acquaintance Scams.


Why are legit casinos buying stolen email addresses in the first place? They are not supposed to be sketchy.
Because it's cheaper way to promote your service.

Still, it has to be cleared up: Why were they keeping millions of dollars in a hot wallet in the first place? I generally do not mind withdrawals taking a few hours or a day in order to fill the hot wallet and to double/triple check. This just feels like needless negligence on the part of funds security.
Stake is a huge casino with a lot of customers and you know, people gamble with a lot of money. Just check their casino page, scroll down and you'll see a live list of highrollers. People bet 100K USDT, 2 Ethereum, 0.3 Bitcoin very frequently absolutely every second. I think they probably have such a big active and highroller userbase that probably 40 million in hot wallet was okay for them. So, not a huge loss too, probably.
hero member
Activity: 2212
Merit: 670
Signature designer - start @$10 - PM me!
Or does this mean 41 million is like pocket change to them?
The number of withdrawals per user may not be limited. If you look at the input output transactions on pages 1k back in the txexplorer, Stake's hot wallet can handle more than 100 ETH transactions per day, for example: https://etherscan.io/tx/0x66c8a36d9ed6542cdc6cd5f24ec06d6bfb1deb27eed8500595169e75c2b91ed5.
That's really pocket change to them, Stake is a big company.
hero member
Activity: 1834
Merit: 879
Rollbit.com ⚔️Crypto Futures
Ouch that should sting, and this is the ugly side of hot wallets and a price to pay for convenience in serving its customers!

Otherwise if Stake are saying clients funds are safe, I really don't see any loss of business for them as their reputation supersedes them to keep clients playing their favorite games.

But going forward,  how do you merge security, hot wallets and convenience when it come to payouts to avoid such hacks Huh Because going the multisig way could mean delayed payouts or potential to create backlogs of people to pay...
legendary
Activity: 2018
Merit: 1108
Quote

Actually they never share anything like this with the public.
Last year they were hacked as well and some user data such as emails, VIP level were stolen.
They didn't even bother to inform players.

People found out when they suddenly got promotion emails from sites that bought the stolen data, such as rollbit.


Is this a fact? Never heard of it and it's quite an alarming lack of transparency if true.

Quote
This just feels like needless negligence on the part of funds security.

You can't say it's negligence without knowing what their risk tolerance is. At their scale it may very well be worth it if they have enough volume and it's a deal-breaker for customers who play with large amounts.

I believe that there should be some middle ground with a semi-coldwallet solution with minimal delay but added security. When risking $40 million one could probably protect their funds pretty well with some clever solution and still have fast transactions.
staff
Activity: 1316
Merit: 1610
The Naija & BSFL Sherrif 📛
And for all the coins stolen on BSC, could Binance not just reverse those transactions since BSC is 100% centralized?

CZ's best bet is to freeze those output addresses and have Stake negotiate with those hackers (Ramson, as usual), since I don't believe it's feasible to reverse already confirmed transactions (which I haven't seen before).

Keeping such a large sum in a hot wallet is a rookie error for an old casino (Stake). It appears to be an insider hack.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Actually they never share anything like this with the public.
Last year they were hacked as well and some user data such as emails, VIP level were stolen.
They didn't even bother to inform players.

People found out when they suddenly got promotion emails from sites that bought the stolen data, such as rollbit.

Why are legit casinos buying stolen email addresses in the first place? They are not supposed to be sketchy.

Still, it has to be cleared up: Why were they keeping millions of dollars in a hot wallet in the first place? I generally do not mind withdrawals taking a few hours or a day in order to fill the hot wallet and to double/triple check. This just feels like needless negligence on the part of funds security.
legendary
Activity: 2268
Merit: 18711
Of course they are going to say "User funds are safe". If they came out and said "Uhhh, we no longer have enough money to pay everyone back", then they trigger a bank run which rapidly leads to insolvency. So whether or not users funds are actually safe, that is what they are going to say.

It's the exact same as when the likes of FTX, BlockFi, Celsius, Voyager, et al. said "Everything is fine" in the days and weeks before going bankrupt. If they are honest then all they do is speed up their own demise.

And for all the coins stolen on BSC, could Binance not just reverse those transactions since BSC is 100% centralized?
legendary
Activity: 3808
Merit: 1723
Most users probably won’t be that upset since it was a hot wallet which got hacked and those are already risky. If they lost their cold store wallets which was a majority of the user funds then people would be upset and start withdrawing their funds as soon as possible.

Can’t think of the last time a casino got hacked. I remember there was that HuffPuff cheater on Primedice who could read the seeds ahead of time and made off with like 2K BTC or something similar.
hero member
Activity: 770
Merit: 828
Leading Crypto Sports Betting & Casino Platform
They have to assure their members' confidence they are the industry giant they cannot afford to lose their status in the industry if it happens to a small casino it's likely they cannot keep up paying their members, this is one of the reasons why gamblers should pick a reputable casino and have a good standing in the industry so in case something like this happen their funds are still safe.
What happens will echo in the whole industry and what Stake is going to do will have an impact on the industry hopefully the hackers left a loophole for them to track them.

I don't think this would be enough for Stake to lose its respectable status in the crypto gambling industry. It seems that no user is hurt in this incident save perhaps for some negligible inconvenience. However, it wouldn't be surprising either if there are gamblers who would decide to minimize their funds in the platform or even transfer to another one.

Just the same, Stake should be responsible enough to provide transparent details as to what really happened if only to remove from the minds of the users that the platform has some serious security flaws ready to be exploited by anybody.

Actually they never share anything like this with the public.
Last year they were hacked as well and some user data such as emails, VIP level were stolen.
They didn't even bother to inform players.

People found out when they suddenly got promotion emails from sites that bought the stolen data, such as rollbit.

legendary
Activity: 2576
Merit: 1860
They have to assure their members' confidence they are the industry giant they cannot afford to lose their status in the industry if it happens to a small casino it's likely they cannot keep up paying their members, this is one of the reasons why gamblers should pick a reputable casino and have a good standing in the industry so in case something like this happen their funds are still safe.
What happens will echo in the whole industry and what Stake is going to do will have an impact on the industry hopefully the hackers left a loophole for them to track them.

I don't think this would be enough for Stake to lose its respectable status in the crypto gambling industry. It seems that no user is hurt in this incident save perhaps for some negligible inconvenience. However, it wouldn't be surprising either if there are gamblers who would decide to minimize their funds in the platform or even transfer to another one.

Just the same, Stake should be responsible enough to provide transparent details as to what really happened if only to remove from the minds of the users that the platform has some serious security flaws ready to be exploited by anybody.
legendary
Activity: 3416
Merit: 1225


Well, It's a good thing that it is stake and they will probably cover the loss. Otherwise, user funds would indeed have been lost even if users have no direct claim on wallets.  Wink

This is similar to how it works for exploited centralized exchanges.

They have to assure their members' confidence they are the industry giant they cannot afford to lose their status in the industry if it happens to a small casino it's likely they cannot keep up paying their members, this is one of the reasons why gamblers should pick a reputable casino and have a good standing in the industry so in case something like this happen their funds are still safe.
What happens will echo in the whole industry and what Stake is going to do will have an impact on the industry hopefully the hackers left a loophole for them to track them.
hero member
Activity: 1554
Merit: 880
pxzone.online
Eddie said a small percentage keep reserves in hot wallets, so this might be pocket change for them, he said the affected wallets will be operational soon.

[1] https://twitter.com/StakeEddie/status/1698748627622244840
Good thing if it's the case, in fact Stake is really a huge casino ever existed here in crypto space. If this is just a new or smaller casino, those users with large sum of balance will be very affected and in rage if they file bankruptcy. And I'm sure those hacked USDT and other USD pegged coins will be frozen and hopefully will be recovered.
Pages:
Jump to: