Author

Topic: Stake.com Hot wallet robbed for 40Million + usd (Confirmed by stake) (Read 800 times)

legendary
Activity: 1288
Merit: 1081
Goodnight, o_e_l_e_o 🌹
Today stake released premonthly for every VIP user.

I was  VERY surprised when  i saw  it, since its easily few million dollars for them that they dont need  to give to users, especially after double monthly bonus in august due  to their birthday.

This just proves that stake is  undisputed #1  right  now atleast based on revenue/profits.

They can still afford to give these  bonuses to users inspite of losing 40+ million, I  have no doubt most other sportsbooks would shut down or try to recoup  their losses by cutting back on promotions etc

That is one of the many profits people enjoy when they play with a reputable and trusted casino.  If this hack had happened to a relatively new and unpopular casino, it would have been an exit door for them. Even when  they do not want to exit, the pressure from the media and the users will throw them into more problems. But with stake, see how calm the environment remained and I bet you that many people that plays with Stake.com doesn't know that they were hacked. This is because there is no panic or prolonged pause of withdrawal   .This is an example that building reputation is very necessary in the gambling business.

I have read somewhere about stake transactions running in billions, the 40 million lost is something that will not take Stake so long to recover because they are much rooted in the business. But then they should have ways to mitigate such occurrences in the future. In as much as it's not affecting them, hacks depict vulnerability which is not a good thing.
full member
Activity: 448
Merit: 223
Damn, looks like a hack. If it was an inside transfer, they'd probably confirm it by now, no?

I don't know how much money they're working with on a daily basis, but 40 mil on hot wallets? Looks like way too much.

yes, just see the high rollers on their website, which are wagering in hundred thousands and in millions per bet, so you can imagine how big the stake platform is became now Shocked Shocked
I am not a developer and know very less about coding or hacking. but stake seems very high security casino it's is hard to believe that they also got hacked.
full member
Activity: 998
Merit: 157
Today stake released premonthly for every VIP user.

I was  VERY surprised when  i saw  it, since its easily few million dollars for them that they dont need  to give to users, especially after double monthly bonus in august due  to their birthday.

This just proves that stake is  undisputed #1  right  now atleast based on revenue/profits.

They can still afford to give these  bonuses to users inspite of losing 40+ million, I  have no doubt most other sportsbooks would shut down or try to recoup  their losses by cutting back on promotions etc
legendary
Activity: 2828
Merit: 1497
Join the world-leading crypto sportsbook NOW!
Seems that the owner Eddie had made a statement about what had transpired during the recent events of the hack of those wallets and had indeed confirmed it was the hackers Lazarus Group from North Korea who were traced by the FBI:
"Despite a sophisticated attack on Stake by North Korean cyber actors (As confirmed by the FBI), operations are completely unaffected. Thank you to the talented & resilient team. I've shared more information in my recent Medium post."
source: https://twitter.com/StakeEddie/status/1700062420813922760

It is all in described in detail on this interview from a post on medium a couple of days ago
https://medium.com/@edcraven22/always-moving-forward-reflections-on-the-recent-stake-com-exploit-431105710a2e

legendary
Activity: 2912
Merit: 6403
Blackjack.fun
Stake pays Drake $100m a year for endorsements, Everton £10m for shirt sponsorships, and was keen in securing a £40m per shirt deal with Chelsea a few months ago until the deal fell through. Why would a casino with a profit of less than $100m, according to your calculations, be able to carry out such a massive commitment? Not to mention the Adesenya and Aguero deals. Something isn't right

One doesn't exclude the other.
Even large companies usually spend more on advertising than they have profit, and this goes to the extreme when your whole business is dependent on bringing and keeping players. Just for fun, if we compare with Procter & Gamble which doesn't have to fight that seriously to keep people from using their shampoo, right? , lol, we're looking at 8 billion in advertising at an annual revenue of 80 billion, probably taking somewhere at 20% as most digital brands do that would make a 400 million budget realistic.

Maybe Stake would be doing better but you do realize that if Stake would be making more money than the rest it would mean people would be earning less and lose more which wouldn't really make it as attractive as it is now, right?

Isn't the profit part the part they want to keep as low as possible for tax reasons, even when the revenue is very high? Only 2% of the revenue as profit is a lot less than I would have expected.

Profit before tax, this is where the accounting tricks begin, as you can't really fake the previous numbers when your whole business is online and in Betfair's case you only take digital centralized payments, with crypto you can shuffle a bit but with a card and wire transfers is just a no go. The margin is nearly the same for everyone bet365 is at 60million in profits at 3.5 billion in revenue.

hero member
Activity: 1659
Merit: 687
LoyceV on the road. Or couch.
2.6 billion in revenue, not profit!
Betfair had 4.8 billion in revenue with a pretax profit of 83 million, so if we keep the same ratios that would be a year running for nothing!
Isn't the profit part the part they want to keep as low as possible for tax reasons, even when the revenue is very high? Only 2% of the revenue as profit is a lot less than I would have expected.
staff
Activity: 1316
Merit: 1610
The Naija & BSFL Sherrif 📛
Stake pays Drake $100m a year for endorsements, Everton £10m for shirt sponsorships, and was keen in securing a £40m per shirt deal with Chelsea a few months ago until the deal fell through. Why would a casino with a profit of less than $100m, according to your calculations, be able to carry out such a massive commitment? Not to mention the Adesenya and Aguero deals. Something isn't right

How much you pay for something should never be taken as an estimate on how much your profit is.
If they estimate that they will earn 103 million from 100 million Drake endorsement, they will do it. The fact that they do have 100 mil for an endorsement does not mean that they have cash to throw away, or that their profit is in trillions.

In this example, a 100 mil in capital is used to accrue only 3 mil in profit - and a lot of companies will accept a 3% ROI on such investments.

We're on the same page, and a good business only puts its eggs where they can make a profit. Only new projects invest heavily in marketing, even if they do not earn, in order to promote their brand. Stake is one of the largest crypto casinos, and they aren't putting out millions to achieve popularity (they already have), but to make money. Nobody is claiming that the money they lost is little, but it is not the kind of money that will keep them out of business for even an hour.
legendary
Activity: 2226
Merit: 1571
Join the world-leading crypto sportsbook NOW!
Stake pays Drake $100m a year for endorsements, Everton £10m for shirt sponsorships, and was keen in securing a £40m per shirt deal with Chelsea a few months ago until the deal fell through. Why would a casino with a profit of less than $100m, according to your calculations, be able to carry out such a massive commitment? Not to mention the Adesenya and Aguero deals. Something isn't right

How much you pay for something should never be taken as an estimate on how much your profit is.
If they estimate that they will earn 103 million from 100 million Drake endorsement, they will do it. The fact that they do have 100 mil for an endorsement does not mean that they have cash to throw away, or that their profit is in trillions.

In this example, a 100 mil in capital is used to accrue only 3 mil in profit - and a lot of companies will accept a 3% ROI on such investments.

________________________________________

Not saying this is the case with Stake, they can of course have incredibly high profits and 50x return on their endorsements. I'm just trying to explain that the fact that they have 100+ mil to 'throw away' does not necessarily mean that 40 mil is pennies for them.
40 mil hurts anybody - it's a huge amount of money.
staff
Activity: 1316
Merit: 1610
The Naija & BSFL Sherrif 📛
Stake made $2.6b in revenue last year so $40m is drop in the ocean for Ed.

2.6 billion in revenue, not profit!
Betfair had 4.8 billion in revenue with a pretax profit of 83 million, so if we keep the same ratios that would be a year running for nothing!

Stake pays Drake $100m a year for endorsements, Everton £10m for shirt sponsorships, and was keen in securing a £40m per shirt deal with Chelsea a few months ago until the deal fell through. Why would a casino with a profit of less than $100m, according to your calculations, be able to carry out such a massive commitment? Not to mention the Adesenya and Aguero deals. Something isn't right
hero member
Activity: 1554
Merit: 880
pxzone.online
They identified the hackers as a known organisation from north korea,
...
I still however am skeptical that this happened without any inside access , also shows how big stake is now that fbi is involved so fast, especially because stake.com does not operate in US and the hackers arent from US either, allegedly.
They have Stake.Us domain for US users since it falls on  the same company, then FBI could handle it but accusing the those org from north korea again for this, i don't think some of it can be recovered especially the non-USD pegged coins that were hacked.
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
Stake made $2.6b in revenue last year so $40m is drop in the ocean for Ed.

2.6 billion in revenue, not profit!
Betfair had 4.8 billion in revenue with a pretax profit of 83 million, so if we keep the same ratios that would be a year running for nothing!

It's completely feasible. There are only a handful of BSC "nodes" (if you can even call them that), and all of them are owned and operated by Binance. Binance can do anything they like with the BSC network and all the assets on it. Reverse transactions, seize coins, burn coins, shut the whole thing down.

This is terrifying; you've just destroyed my affection for the BUSD token and the entire BSC Blockchain. Well, I'm not certain the hackers are stupid enough to leave those coins in the BSC Blockchain knowing they could be reversed or frozen..

Why are you surprised by this?
CZ wanted to do that with Bitcoin when Binance lost money, do you honestly think a control freak like him would really allow a truly decentralized coin with his name on it to be the backbone of his business? I'm pretty sure he would fork it at the first sign he is about to lose total control over it.


full member
Activity: 998
Merit: 157
FBI posted an update regarding this

https://www.fbi.gov/news/press-releases/fbi-identifies-lazarus-group-cyber-actors-as-responsible-for-theft-of-41-million-from-stakecom

They identified the hackers as a known organisation from north korea,

I still however am skeptical that this happened without any inside access , also shows how big stake is now that fbi is involved so fast, especially because stake.com does not operate in US and the hackers arent from US either, allegedly.
full member
Activity: 2324
Merit: 175


I just hope Stake gives us more information so we can stop speculating.



I don't think they will give more They already assured users funds and internal investigations will be kept confidential Stakes will never announce any information that will compromise the site security and reputation in fact they want to kill the news and they want to treat it as minor problems, the amount is just pocket change, small casinos with that amount will announced bankruptcy but with Stake's status its back to normal.
hero member
Activity: 1414
Merit: 542
I just hope Stake gives us more information so we can stop speculating.

It's to their disadvantage if they show or tell us it's because of negligence, We expect them to have tight security, so they will pick the right words that are acceptable to the community and stakeholders but they will keep the real picture onto themselves, until one of them spill it.
The whole gambling community is looking at how they handle it as long as they ensure that their users' funds are safe and they are good, there's no need to panic.

Stake probably prefers that we merely speculate on this while facts are kept hidden from anybody. They won't be speaking about this as much as possible. That's bad for business. They have already issued assurances that user funds are safe. That's enough. So, from this moment forward they would act as if nothing has happened. Business as usual. The smoke will eventually die down. It's enough that they report of an "unauthorized transactions."

Yes, they even said that this is only a small amount, but it's scary to think that now we have heard a top crypto gambling website being attack by hackers, whether it was state sponsored attack or just some random guy in the basement of their parents.

Nevertheless, another lesson from all of us, although funds are safe, still we can't just leave anything in any platforms that involves our crypto. And as far as Stake goes, this is already a close case.
legendary
Activity: 2576
Merit: 1860
I just hope Stake gives us more information so we can stop speculating.

It's to their disadvantage if they show or tell us it's because of negligence, We expect them to have tight security, so they will pick the right words that are acceptable to the community and stakeholders but they will keep the real picture onto themselves, until one of them spill it.
The whole gambling community is looking at how they handle it as long as they ensure that their users' funds are safe and they are good, there's no need to panic.

Stake probably prefers that we merely speculate on this while facts are kept hidden from anybody. They won't be speaking about this as much as possible. That's bad for business. They have already issued assurances that user funds are safe. That's enough. So, from this moment forward they would act as if nothing has happened. Business as usual. The smoke will eventually die down. It's enough that they report of an "unauthorized transactions."
legendary
Activity: 3416
Merit: 1225


I just hope Stake gives us more information so we can stop speculating.



It's to their disadvantage if they show or tell us it's because of negligence, We expect them to have tight security, so they will pick the right words that are acceptable to the community and stakeholders but they will keep the real picture onto themselves, until one of them spill it.
The whole gambling community is looking at how they handle it as long as they ensure that their users' funds are safe and they are good, there's no need to panic.
legendary
Activity: 2212
Merit: 7064
If it was an inside job, could it be they accessed more than just the hot wallet? It sounds dumb thought: not many people will have access to those wallets, in which case it shouldn't be long to find the thief.
I don't know really, I just speculated about inside job, and I don't really believe anything I hear in news anymore.
It is stupid to lose coins like this, and it's even more stupid when it happens to someone more than once  Tongue

If it was an inside job and proper access control was in place, it should be trivial to find out who it was. Who knows until we get confirmation.
Nothing is trivial wit crypto businesses and shitcoins  Wink
hero member
Activity: 1456
Merit: 940
🇺🇦 Glory to Ukraine!
I just hope Stake gives us more information so we can stop speculating.

Well, I highly doubt we'll ever see that day. These kinds of secrets are usually locked up tighter than a bank vault. They'll wrap it up in the 'for our safety and to prevent future hacks' excuse, but let's be real, they're really just covering their tracks and hiding any slip-ups they might have had.
legendary
Activity: 2018
Merit: 1108
Pointing an accusing finger doesn't translate to finding the thief, and of course, the investigation would point accusing fingers at a tiny circle of people, but it would be a mere allegation unless they can truly solve the puzzle which I predict a slim chance of success for. A hack/fraud of this magnitude will be a well-organized crime that will be foolproof to avoid pointing to the insider unless they are idiots.

True. I hope Stake did not blindly give wallet access to employees without having some system in between to keep access logs.

I just hope Stake gives us more information so we can stop speculating.

hero member
Activity: 826
Merit: 641
Leading Crypto Sports Betting & Casino Platform
Whenever news like this is released I am a bit suspicious if that wasn't some type of insider job, and I really don't understand why they are keeping so much coins in hot wallet.
If it was an inside job, could it be they accessed more than just the hot wallet? It sounds dumb thought: not many people will have access to those wallets, in which case it shouldn't be long to find the thief.

If it was an inside job and proper access control was in place, it should be trivial to find out who it was. Who knows until we get confirmation.
Pointing an accusing finger doesn't translate to finding the thief, and of course, the investigation would point accusing fingers at a tiny circle of people, but it would be a mere allegation unless they can truly solve the puzzle which I predict a slim chance of success for. A hack/fraud of this magnitude will be a well-organized crime that will be foolproof to avoid pointing to the insider unless they are idiots.
legendary
Activity: 2018
Merit: 1108
Whenever news like this is released I am a bit suspicious if that wasn't some type of insider job, and I really don't understand why they are keeping so much coins in hot wallet.
If it was an inside job, could it be they accessed more than just the hot wallet? It sounds dumb thought: not many people will have access to those wallets, in which case it shouldn't be long to find the thief.

If it was an inside job and proper access control was in place, it should be trivial to find out who it was. Who knows until we get confirmation.
staff
Activity: 1316
Merit: 1610
The Naija & BSFL Sherrif 📛
LOL well it's a known fact though of what a centralized platform can do. It wouldn't help Stake recover so I'm curious if CZ would really be doing it.
Stake is the richest among the casinos in crypto, certainly, the amount is just peanuts to them Ed will just refund all affected users and go on again to enjoy his stay where ever he is. There is nothing to worry about but there will be preventive measures. What that might be is probably worse than KYC.

He will if all of the coins are still in his Blockchain and they have a strong relationship with CZ. I'm not sure if the number is inflated, but I spoke with a stake insider, who informed me that everything is back on track, that the stake vault was not compromised, that Ed is handling things, and that no player coin was taken. My $64 is still lying there.

Stake made $2.6b in revenue last year so $40m is drop in the ocean for Ed.

If it was an inside job, could it be they accessed more than just the hot wallet? It sounds dumb thought: not many people will have access to those wallets, in which case it shouldn't be long to find the thief.

My source said only the hot wallet was accessed.
hero member
Activity: 1659
Merit: 687
LoyceV on the road. Or couch.
Whenever news like this is released I am a bit suspicious if that wasn't some type of insider job, and I really don't understand why they are keeping so much coins in hot wallet.
If it was an inside job, could it be they accessed more than just the hot wallet? It sounds dumb thought: not many people will have access to those wallets, in which case it shouldn't be long to find the thief.
legendary
Activity: 2212
Merit: 7064
I think I recently saw more than usual number of reports against Stake casino in Scam Accusations board, so maybe that was connected with this hack.
Whenever news like this is released I am a bit suspicious if that wasn't some type of insider job, and I really don't understand why they are keeping so much coins in hot wallet.

There is no need to reverse already confirmed transactions, as Binance can simply freeze the funds and use the BNB Auto-Burn feature to cover the hacked funds back to the Stake. I believe they have already taken similar actions following some major hacks/exploits on the BSC network.
Yeah but boss CZ first needs to give them the green light for that... just showing how ''decentralized'' whole thing is.  Tongue
hero member
Activity: 2800
Merit: 595
https://www.betcoin.ag
CZ's best bet is to freeze those output addresses and have Stake negotiate with those hackers (Ramson, as usual), since I don't believe it's feasible to reverse already confirmed transactions (which I haven't seen before).
It's completely feasible. There are only a handful of BSC "nodes" (if you can even call them that), and all of them are owned and operated by Binance. Binance can do anything they like with the BSC network and all the assets on it. Reverse transactions, seize coins, burn coins, shut the whole thing down.

This is terrifying; you've just destroyed my affection for the BUSD token and the entire BSC Blockchain. Well, I'm not certain the hackers are stupid enough to leave those coins in the BSC Blockchain knowing they could be reversed or frozen..

I agree. I don't know the exact daily withdrawal numbers, but seriously, did they really need that much in one hot wallet? And it wasn't even a multisig, apparently. I mean, every large transaction from the platform goes through a manual verification process anyway.

There is no daily withdrawal limit on stake but if you want to withdraw a large sum then you will be ask to do KYC.

LOL well it's a known fact though of what a centralized platform can do. It wouldn't help Stake recover so I'm curious if CZ would really be doing it.
Stake is the richest among the casinos in crypto, certainly, the amount is just peanuts to them Eddie will just refund all affected users and go on again to enjoy his stay where ever he is. There is nothing to worry about but there will be preventive measures. What that might be is probably worse than KYC.
staff
Activity: 1316
Merit: 1610
The Naija & BSFL Sherrif 📛
CZ's best bet is to freeze those output addresses and have Stake negotiate with those hackers (Ramson, as usual), since I don't believe it's feasible to reverse already confirmed transactions (which I haven't seen before).
It's completely feasible. There are only a handful of BSC "nodes" (if you can even call them that), and all of them are owned and operated by Binance. Binance can do anything they like with the BSC network and all the assets on it. Reverse transactions, seize coins, burn coins, shut the whole thing down.

This is terrifying; you've just destroyed my affection for the BUSD token and the entire BSC Blockchain. Well, I'm not certain the hackers are stupid enough to leave those coins in the BSC Blockchain knowing they could be reversed or frozen..

I agree. I don't know the exact daily withdrawal numbers, but seriously, did they really need that much in one hot wallet? And it wasn't even a multisig, apparently. I mean, every large transaction from the platform goes through a manual verification process anyway.

There is no daily withdrawal limit on stake but if you want to withdraw a large sum then you will be ask to do KYC.
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
And for all the coins stolen on BSC, could Binance not just reverse those transactions since BSC is 100% centralized?

CZ's best bet is to freeze those output addresses and have Stake negotiate with those hackers (Ramson, as usual), since I don't believe it's feasible to reverse already confirmed transactions (which I haven't seen before).

There is no need to reverse already confirmed transactions, as Binance can simply freeze the funds and use the BNB Auto-Burn feature to cover the hacked funds back to the Stake. I believe they have already taken similar actions following some major hacks/exploits on the BSC network.

Keeping such a large sum in a hot wallet is a rookie error for an old casino (Stake). It appears to be an insider hack.

I agree. I don't know the exact daily withdrawal numbers, but seriously, did they really need that much in one hot wallet? And it wasn't even a multisig, apparently. I mean, every large transaction from the platform goes through a manual verification process anyway.
legendary
Activity: 2268
Merit: 18711
Why are legit casinos buying stolen email addresses in the first place? They are not supposed to be sketchy.
The casinos themselves probably didn't know. A data broker will have got their hands on the data in the first place, then started selling it to advertising companies as "Crypto users who are also interested in gambling". The ad companies which these casinos employ will have bought the data and used it.

CZ's best bet is to freeze those output addresses and have Stake negotiate with those hackers (Ramson, as usual), since I don't believe it's feasible to reverse already confirmed transactions (which I haven't seen before).
It's completely feasible. There are only a handful of BSC "nodes" (if you can even call them that), and all of them are owned and operated by Binance. Binance can do anything they like with the BSC network and all the assets on it. Reverse transactions, seize coins, burn coins, shut the whole thing down.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
Of course they are going to say "User funds are safe". If they came out and said "Uhhh, we no longer have enough money to pay everyone back", then they trigger a bank run which rapidly leads to insolvency. So whether or not users funds are actually safe, that is what they are going to say.
If they don't say so, then there will be a total panic, everyone will try to withdraw and the casino will disappear like the tall building demolitions. You are true, they aren't transparent but can' really blame them, sometimes it's better to lie than to be 100% honest.

It's the exact same as when the likes of FTX, BlockFi, Celsius, Voyager, et al. said "Everything is fine" in the days and weeks before going bankrupt. If they are honest then all they do is speed up their own demise.
You will probably find it funny that Binance has posted this article: Know Your Scam: How to Spot, Report, and Avoid Acquaintance Scams.


Why are legit casinos buying stolen email addresses in the first place? They are not supposed to be sketchy.
Because it's cheaper way to promote your service.

Still, it has to be cleared up: Why were they keeping millions of dollars in a hot wallet in the first place? I generally do not mind withdrawals taking a few hours or a day in order to fill the hot wallet and to double/triple check. This just feels like needless negligence on the part of funds security.
Stake is a huge casino with a lot of customers and you know, people gamble with a lot of money. Just check their casino page, scroll down and you'll see a live list of highrollers. People bet 100K USDT, 2 Ethereum, 0.3 Bitcoin very frequently absolutely every second. I think they probably have such a big active and highroller userbase that probably 40 million in hot wallet was okay for them. So, not a huge loss too, probably.
hero member
Activity: 2212
Merit: 670
Signature designer - start @$10 - PM me!
Or does this mean 41 million is like pocket change to them?
The number of withdrawals per user may not be limited. If you look at the input output transactions on pages 1k back in the txexplorer, Stake's hot wallet can handle more than 100 ETH transactions per day, for example: https://etherscan.io/tx/0x66c8a36d9ed6542cdc6cd5f24ec06d6bfb1deb27eed8500595169e75c2b91ed5.
That's really pocket change to them, Stake is a big company.
hero member
Activity: 1834
Merit: 879
Rollbit.com ⚔️Crypto Futures
Ouch that should sting, and this is the ugly side of hot wallets and a price to pay for convenience in serving its customers!

Otherwise if Stake are saying clients funds are safe, I really don't see any loss of business for them as their reputation supersedes them to keep clients playing their favorite games.

But going forward,  how do you merge security, hot wallets and convenience when it come to payouts to avoid such hacks Huh Because going the multisig way could mean delayed payouts or potential to create backlogs of people to pay...
legendary
Activity: 2018
Merit: 1108
Quote

Actually they never share anything like this with the public.
Last year they were hacked as well and some user data such as emails, VIP level were stolen.
They didn't even bother to inform players.

People found out when they suddenly got promotion emails from sites that bought the stolen data, such as rollbit.


Is this a fact? Never heard of it and it's quite an alarming lack of transparency if true.

Quote
This just feels like needless negligence on the part of funds security.

You can't say it's negligence without knowing what their risk tolerance is. At their scale it may very well be worth it if they have enough volume and it's a deal-breaker for customers who play with large amounts.

I believe that there should be some middle ground with a semi-coldwallet solution with minimal delay but added security. When risking $40 million one could probably protect their funds pretty well with some clever solution and still have fast transactions.
staff
Activity: 1316
Merit: 1610
The Naija & BSFL Sherrif 📛
And for all the coins stolen on BSC, could Binance not just reverse those transactions since BSC is 100% centralized?

CZ's best bet is to freeze those output addresses and have Stake negotiate with those hackers (Ramson, as usual), since I don't believe it's feasible to reverse already confirmed transactions (which I haven't seen before).

Keeping such a large sum in a hot wallet is a rookie error for an old casino (Stake). It appears to be an insider hack.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Actually they never share anything like this with the public.
Last year they were hacked as well and some user data such as emails, VIP level were stolen.
They didn't even bother to inform players.

People found out when they suddenly got promotion emails from sites that bought the stolen data, such as rollbit.

Why are legit casinos buying stolen email addresses in the first place? They are not supposed to be sketchy.

Still, it has to be cleared up: Why were they keeping millions of dollars in a hot wallet in the first place? I generally do not mind withdrawals taking a few hours or a day in order to fill the hot wallet and to double/triple check. This just feels like needless negligence on the part of funds security.
legendary
Activity: 2268
Merit: 18711
Of course they are going to say "User funds are safe". If they came out and said "Uhhh, we no longer have enough money to pay everyone back", then they trigger a bank run which rapidly leads to insolvency. So whether or not users funds are actually safe, that is what they are going to say.

It's the exact same as when the likes of FTX, BlockFi, Celsius, Voyager, et al. said "Everything is fine" in the days and weeks before going bankrupt. If they are honest then all they do is speed up their own demise.

And for all the coins stolen on BSC, could Binance not just reverse those transactions since BSC is 100% centralized?
legendary
Activity: 3808
Merit: 1723
Most users probably won’t be that upset since it was a hot wallet which got hacked and those are already risky. If they lost their cold store wallets which was a majority of the user funds then people would be upset and start withdrawing their funds as soon as possible.

Can’t think of the last time a casino got hacked. I remember there was that HuffPuff cheater on Primedice who could read the seeds ahead of time and made off with like 2K BTC or something similar.
hero member
Activity: 770
Merit: 828
Leading Crypto Sports Betting & Casino Platform
They have to assure their members' confidence they are the industry giant they cannot afford to lose their status in the industry if it happens to a small casino it's likely they cannot keep up paying their members, this is one of the reasons why gamblers should pick a reputable casino and have a good standing in the industry so in case something like this happen their funds are still safe.
What happens will echo in the whole industry and what Stake is going to do will have an impact on the industry hopefully the hackers left a loophole for them to track them.

I don't think this would be enough for Stake to lose its respectable status in the crypto gambling industry. It seems that no user is hurt in this incident save perhaps for some negligible inconvenience. However, it wouldn't be surprising either if there are gamblers who would decide to minimize their funds in the platform or even transfer to another one.

Just the same, Stake should be responsible enough to provide transparent details as to what really happened if only to remove from the minds of the users that the platform has some serious security flaws ready to be exploited by anybody.

Actually they never share anything like this with the public.
Last year they were hacked as well and some user data such as emails, VIP level were stolen.
They didn't even bother to inform players.

People found out when they suddenly got promotion emails from sites that bought the stolen data, such as rollbit.

legendary
Activity: 2576
Merit: 1860
They have to assure their members' confidence they are the industry giant they cannot afford to lose their status in the industry if it happens to a small casino it's likely they cannot keep up paying their members, this is one of the reasons why gamblers should pick a reputable casino and have a good standing in the industry so in case something like this happen their funds are still safe.
What happens will echo in the whole industry and what Stake is going to do will have an impact on the industry hopefully the hackers left a loophole for them to track them.

I don't think this would be enough for Stake to lose its respectable status in the crypto gambling industry. It seems that no user is hurt in this incident save perhaps for some negligible inconvenience. However, it wouldn't be surprising either if there are gamblers who would decide to minimize their funds in the platform or even transfer to another one.

Just the same, Stake should be responsible enough to provide transparent details as to what really happened if only to remove from the minds of the users that the platform has some serious security flaws ready to be exploited by anybody.
legendary
Activity: 3416
Merit: 1225


Well, It's a good thing that it is stake and they will probably cover the loss. Otherwise, user funds would indeed have been lost even if users have no direct claim on wallets.  Wink

This is similar to how it works for exploited centralized exchanges.

They have to assure their members' confidence they are the industry giant they cannot afford to lose their status in the industry if it happens to a small casino it's likely they cannot keep up paying their members, this is one of the reasons why gamblers should pick a reputable casino and have a good standing in the industry so in case something like this happen their funds are still safe.
What happens will echo in the whole industry and what Stake is going to do will have an impact on the industry hopefully the hackers left a loophole for them to track them.
hero member
Activity: 1554
Merit: 880
pxzone.online
Eddie said a small percentage keep reserves in hot wallets, so this might be pocket change for them, he said the affected wallets will be operational soon.

[1] https://twitter.com/StakeEddie/status/1698748627622244840
Good thing if it's the case, in fact Stake is really a huge casino ever existed here in crypto space. If this is just a new or smaller casino, those users with large sum of balance will be very affected and in rage if they file bankruptcy. And I'm sure those hacked USDT and other USD pegged coins will be frozen and hopefully will be recovered.
hero member
Activity: 1456
Merit: 940
🇺🇦 Glory to Ukraine!
Just my opinion, but it seems logical that they would officially state that user funds are safe after the hack. However, let's consider the practical reality. All deposits made to a Stake deposit address go directly to their wallet. So, when their wallet is compromised, are those funds considered Stake's or the users'?

Of course, Stake does keep records in their database of each user's account balance. But here's a thought: what if everyone tried to withdraw all their funds at once? Would Stake have enough of what we consider 'their' funds to cover all the withdrawals?

I believe their best course of action is to continue with their business and gradually recover from the losses. After all, it's a casino, and in the long run, most users tend to lose their deposits anyway.
legendary
Activity: 2604
Merit: 2353
I guess part of the question is going to be not if they can cover the loss. But, can they cover everyone now if people panic and start pulling their funds out and stop gambling there. Given time and effort, considering their size they should be able to overcome a loss like this. But, if everyone runs, it's going to make it that much harder to do.

Stake takes the slot percentages slider and lowers it all the way and continues business only works if people keep playing.

-Dave
Yes most people above seem to try to avoid to talk about the consequences. But I think it is very likely that most of their customers will try to withdraw their funds in the coming days and will only leave the minimum for playing there, if they don't go elsewhere. So if Stake has not a large bankroll from their own capital they won't be able to pay the winnings and the bonuses to their customers.
hero member
Activity: 1918
Merit: 564
I guess part of the question is going to be not if they can cover the loss. But, can they cover everyone now if people panic and start pulling their funds out and stop gambling there. Given time and effort, considering their size they should be able to overcome a loss like this. But, if everyone runs, it's going to make it that much harder to do.

Stake takes the slot percentages slider and lowers it all the way and continues business only works if people keep playing.

-Dave

As long as Stake operation is not suspended and the users are able to deposit and withdraw their fund when the suspension of wallet is lift up, the users fund on their account is unaffected, I believe players will continue to play on stake and this will not give a red flag that make players panic and pull out their funds.  Instead if the Stake platform is able to solve this easily, this case will strengthen the trust of their players.

The only thing I am concerned is what caused this and whether or not there's something wrong with their security measures. All we know at the time is that it was likely a private key leak and that could happen because of numerous things.

I am also curious how does this hack happened.  Is this some glitch on the smart contract implemented on those wallets?
legendary
Activity: 2018
Merit: 1108
I guess part of the question is going to be not if they can cover the loss. But, can they cover everyone now if people panic and start pulling their funds out and stop gambling there. Given time and effort, considering their size they should be able to overcome a loss like this. But, if everyone runs, it's going to make it that much harder to do.

Stake takes the slot percentages slider and lowers it all the way and continues business only works if people keep playing.

-Dave

I suppose the average player might not bat an eye especially if the site continues normal operation.

The only thing I am concerned is what caused this and whether or not there's something wrong with their security measures. All we know at the time is that it was likely a private key leak and that could happen because of numerous things.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
I guess part of the question is going to be not if they can cover the loss. But, can they cover everyone now if people panic and start pulling their funds out and stop gambling there. Given time and effort, considering their size they should be able to overcome a loss like this. But, if everyone runs, it's going to make it that much harder to do.

Stake takes the slot percentages slider and lowers it all the way and continues business only works if people keep playing.

-Dave
hero member
Activity: 700
Merit: 673
I think they are active in action, and according to their statement that no user funds were affected, it might mean that they have a separate wallet for user deposits and also a separate wallet for withdrawals.

A user in X asked what would happen if he made a deposit to his stake account, and he was replied that it would be credited immediately, which means the deposit part doesn't have an issue and some of the network withdrawals are still completely functional. Let's just hope it's their reserve funds that were affected and not user deposits, as they explained.
 
 
hero member
Activity: 2884
Merit: 579
Hire Bitcointalk Camp. Manager @ r7promotions.com
While this amount could be like some advertisement money for them, it's still a lot of money that was gotten to them.

How could the hacker was able to gain access to those funds? Could it be that there's some backdoor that was seen through their staff or so?

Again, I've seen some tweets on this recent incident about crypto is a gamble and this is where their money goes, to the hacks. They always trying to flame the incident and make it look like it's a whole thing for the crypto market.

Stake will recover for sure with this incident.
hero member
Activity: 1274
Merit: 561
Leading Crypto Sports Betting & Casino Platform
Although Stake team confirmed no user funds were lost (i'm sure they would likely reimburse it)
Users don't have a direct claim on wallets, so unless they can't afford to pay everyone, it makes sense that no user funds were lost.
The crypto gambling community know how big financially Stake is, and they can reimburse the funds. A $100 million dollar mega deal with Drake is an evidence to the viral belief. On the other hand, it's said to have lead to the attack stake is having recently. Some write-ups about this incident centered on the profits of Stake casino, as a factor to the reason hackers targets the casino.
hero member
Activity: 2212
Merit: 805
Top Crypto Casino
Although Stake team confirmed no user funds were lost (i'm sure they would likely reimburse it)
Users don't have a direct claim on wallets, so unless they can't afford to pay everyone, it makes sense that no user funds were lost.

Well, It's a good thing that it is stake and they will probably cover the loss. Otherwise, user funds would indeed have been lost even if users have no direct claim on wallets.  Wink

This is similar to how it works for exploited centralized exchanges.
hero member
Activity: 1498
Merit: 785
Saddened by this news! But with this incident they are still operating normally as if they were hacked and nothing happened.  Cheesy

We know stake is a big casino.

does this mean 41 million is like pocket change to them?
Eddie said a small percentage keep reserves in hot wallets, so this might be pocket change for them, he said the affected wallets will be operational soon.

[1] https://twitter.com/StakeEddie/status/1698748627622244840
legendary
Activity: 1946
Merit: 1026
In Search of Incredible
Biggest robbery from a crypto casino so far?
probably yes
It could be the biggest robbery in the crypto gambling industry (based on the occurred time and crypto price). However, a user had cheated on Primedice and made 2,400+ Bitcoin profit on 2014. It was worth $1 million during the, which is worth $62 million for the current price of Bitcoin: Hufflepuff Making 2k BTC On PrimeDice Nov 2014. March 2015 Update: He Cheated

Stake is the sister site of Primedice. As a billion dollar casino now, the $41 million loss won't be a big deal for Stake. Although the news isn't positive, but Stake.com will have some marketing for the news, articles and tweets of the hacking story.
hero member
Activity: 1659
Merit: 687
LoyceV on the road. Or couch.
Although Stake team confirmed no user funds were lost (i'm sure they would likely reimburse it)
Users don't have a direct claim on wallets, so unless they can't afford to pay everyone, it makes sense that no user funds were lost.
hero member
Activity: 2212
Merit: 805
Top Crypto Casino
Why would they keep 41 million dollars in a hot wallet? Wouldn't it be much cheaper (considering the risk) to hire someone to monitor hot wallet and top it up when needed? Or does this mean 41 million is like pocket change to them?

If anything, I felt they would use a multi-sig  for a hot wallet if they intend to hold such an amount in a hot wallet. Although Stake team confirmed no user funds were lost (i'm sure they would likely reimburse it), but I will be waiting for a post-mortem.


Stake is one of the popular casino brand. This is the biggest hack so far for a crypto casino. I wonder how will Stake gonna handle this since this is too much. 

They would properly reimburse it even if it leaves in a hole in their accounting.
hero member
Activity: 1659
Merit: 687
LoyceV on the road. Or couch.
Why would they keep 41 million dollars in a hot wallet? Wouldn't it be much cheaper (considering the risk) to hire someone to monitor hot wallet and top it up when needed? Or does this mean 41 million is like pocket change to them?
legendary
Activity: 3122
Merit: 1102
Leading Crypto Sports Betting & Casino Platform
Confirmed! It was a hack.

https://x.com/stake/status/1698746766076588057

Quote
Three hours ago, unauthorised tx’s were made from Stake’s ETH/BSC hot wallets.

We are investigating and will get the wallets up as soon as they’re completely re-secured.

User funds are safe.

BTC, LTC, XRP, EOS, TRX + all other wallets remain fully operational.

A big amount to lose, indeed… but probably fine for Stake since they have been spending much more with streamers for their platform Kick (i.e supposedly $100m for xqc).

no wonder their hot wallet is having that amount of money, which is quite huge already for other small time casinos. indeed, they are paying good amount of money to these streamers, so they can easily get back those hacked funds. now, they probably will tighten their secure and large withdrawals will go thru additional checks. as their withdrawals are almost instant, such huge withdrawals may haven't been flagged down by their system. and already too late when they found out.
legendary
Activity: 2758
Merit: 6830
Confirmed! It was a hack.

https://x.com/stake/status/1698746766076588057

Quote
Three hours ago, unauthorised tx’s were made from Stake’s ETH/BSC hot wallets.

We are investigating and will get the wallets up as soon as they’re completely re-secured.

User funds are safe.

BTC, LTC, XRP, EOS, TRX + all other wallets remain fully operational.

A big amount to lose, indeed… but probably fine for Stake since they have been spending much more with streamers for their platform Kick (i.e supposedly $100m for xqc).
hero member
Activity: 1120
Merit: 554
🇵🇭
This is a wake up call to my fellow gamblers to don’t store crypto in the casino wallet since most of the gambler usually leave their bankroll on there account for a long time until they have enough profit.

Stake is one of the popular casino brand. This is the biggest hack so far for a crypto casino. I wonder how will Stake gonna handle this since this is too much. 
legendary
Activity: 2226
Merit: 1571
Join the world-leading crypto sportsbook NOW!
Damn, looks like a hack. If it was an inside transfer, they'd probably confirm it by now, no?

I don't know how much money they're working with on a daily basis, but 40 mil on hot wallets? Looks like way too much.
hero member
Activity: 2926
Merit: 567
Are you an insider? There's nothing related news regarding this yet.
No official news yet from Stake, but there are already few articles out speculating about alleged hack.

According to ZachXBT, additional $25.6 million were hacked on BSC and Polygon
https://twitter.com/zachxbt/status/1698712407177150729?s=20

I just saw this too, Im highly doubtful that this is not an inside job.

Biggest robbery from a crypto casino so far?

It is big news in the gambling industry now.
https://coinmarketcap.com/community/articles/64f5fb76d9a9381cf98108e0/

If they can do this to a big casino they can also do this to small casinos, The hacker is that good he targeted the big fish in the industry, it is time for other casinos to upgrade their security there's the possibility that they will target more casinos, I hope they can trace the movement of the funds like what exchanges has done.
legendary
Activity: 3276
Merit: 3537
Nec Recisa Recedit
Interesting, thanks for share, I have noticed their message on telegram
Well personally, I would wait a declaration made by site owners before claiming any assumption on this on-chain movement, or at least if there is any official news/source around that to confirm this was a real hack and not just some coins moved from their wallets...

Biggest robbery from a crypto casino so far?

probably yes
full member
Activity: 998
Merit: 157
Are you an insider? There's nothing related news regarding this yet.
No official news yet from Stake, but there are already few articles out speculating about alleged hack.

According to ZachXBT, additional $25.6 million were hacked on BSC and Polygon
https://twitter.com/zachxbt/status/1698712407177150729?s=20

I just saw this too, Im highly doubtful that this is not an inside job.

Biggest robbery from a crypto casino so far?

Im sure everyone knows the hufflepuff/primedice incident which was definitely the biggest coins stolen but in terms of pure usd this value i dont think any casino heist will even come close  Shocked
full member
Activity: 1489
Merit: 150
look like the the amount hacked increased by 25m on polygon and bsc
legendary
Activity: 1722
Merit: 5937
Are you an insider? There's nothing related news regarding this yet.
No official news yet from Stake, but there are already few articles out speculating about alleged hack.

According to ZachXBT, additional $25.6 million were hacked on BSC and Polygon
https://twitter.com/zachxbt/status/1698712407177150729?s=20
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
Unless this is confirmed to be an actual hacking and NOT just them moving wallets to a different cold wallet, then we shouldn't be quick to jump conclusions. Exchanges have done this in the past.

If it's true though, then goddamn. Money lost is not that big compared to other hacks, but Stake.com is a platform that's not necessarily catering to crypto peeps.
full member
Activity: 998
Merit: 157
Are you an insider? There's nothing related news regarding this yet.
The outgoing transactions might just be changing of a new address.

If this true, this will be one of the largest heist for a casino.

No but there is alot of chatter about this on X and many cryto watchdogs/alerts have tweeted about this suspicious activity

IF it was them they wouldnt disable transactions, plus they wouldnt use suspicious method like this
What’s suspicious about it? It’s literally an onchain transaction, the actual way of transferring funds?

I guess disabling withdraws + large chunks moving could be seen as suspicious, but that’s also what one would do if they were legitimately moving funds. How do you process deposits and withdrawals after changing wallets? You usually need to change stuff on the background so coins come from (and go to) the new address.

But or course I wouldn’t deposit anything until the rumors are denied. No reason to risk your coins.

This is from their hot wallet which is used for customer withdrawals and refilled by stake, emptying the hot wallet like this means 99% a hack/robbery.
IF this was an operation by stake im sure they would inform players in advance that withdraws will be disabled from so and so time
legendary
Activity: 2758
Merit: 6830
IF it was them they wouldnt disable transactions, plus they wouldnt use suspicious method like this
What’s suspicious about it? It’s literally an onchain transaction, the actual way of transferring funds?

I guess disabling withdraws + large chunks moving could be seen as suspicious, but that’s also what one would do if they were legitimately moving funds. How do you process deposits and withdrawals after changing wallets? You usually need to change stuff on the background so coins come from (and go to) the new address.

But or course I wouldn’t deposit anything until the rumors are denied. No reason to risk your coins.
hero member
Activity: 1288
Merit: 564
Bitcoin makes the world go 🔃
There’s a chance that Stake might changing the wallet they are using that’s why they move all their coins out from their wallet and temporarily disable withdrawal and deposit method for preparation for new wallet. Exchange is doing this too when they update their wallet.

But Let’s see if this is really robbed since Eddie will surely made an update regarding this.
hero member
Activity: 1554
Merit: 880
pxzone.online
Are you an insider? There's nothing related news regarding this yet.
The outgoing transactions might just be changing of a new address.

If this true, this will be one of the largest heist for a casino.
full member
Activity: 998
Merit: 157
A source would be good…

Found this on twitter/x: https://x.com/peckshield/status/1698697721342042621

https://etherscan.io/address/0x3130662aece32f05753d00a7b95c0444150bcd3c

But who says this isn’t them just moving coins around?

yes im adding more info as i have them

IF it was them they wouldnt disable transactions, plus they wouldnt use suspicious method like this
legendary
Activity: 2758
Merit: 6830
A source would be good…

Found this on twitter/x: https://x.com/peckshield/status/1698697721342042621

https://etherscan.io/address/0x3130662aece32f05753d00a7b95c0444150bcd3c

But who says this isn’t them just moving coins around?
full member
Activity: 998
Merit: 157
In the past half hour Stake.com hot wallet was hit for more then 40million usd / 6000 ETH, $3.9 million USDT, $1.1 million USDC, and 900,000 DAI.

UPDATE: Being reported that total amount has reached over 40 million including polygon chains

UPDATE 2 : confirmed by stake

https://twitter.com/Stake/status/1698746766076588057

Stake has disabled ETH and bs/erc20 network transactions



some tweets from  crypto watchdogs/alerts

https://twitter.com/CyversAlerts/status/1698690342113931422

https://twitter.com/peckshield/status/1698697721342042621

6000 ETH transaction to brand new address

https://etherscan.io/tx/0xf7bde3b54f6d6495cb79a8390fbe3e5c5095b0b06c07153c4c7e9c1ddb43645f

IF this is true would it the biggest hack in recent times? The news is all over twitter right now

coindesk article-

https://www.coindesk.com/business/2023/09/04/crypto-casino-stake-targeted-in-reported-40m-exploit
Jump to: