In a continuing saga of cryptocurrency thefts and exploits, hackers responsible for the $41 million hack of cryptocurrency casino Stake have managed to shift an additional $328 million worth of assets, according to blockchain security firm CertiK. This latest development follows the initial exploit that occurred on September 4, which resulted in the theft of a substantial amount of digital assets.
The recent transfers involved 300 Binance Coin (BNB) tokens, valued at approximately $61,500, which were sent to an externally owned address with the identifier “0x695.” These tokens were then promptly bridged to the Avalanche blockchain on September 11, at 4:09 pm UTC. Furthermore, 520,000 Polygon (MATIC) tokens, with a total worth exceeding $266,000, were also moved to the Avalanche blockchain earlier that day, at 7:18 am UTC.
These transfers, which amount to $328,000, add to the already substantial sum of $4.5 million in stolen funds that were previously bridged to the Bitcoin blockchain on September 7, as reported by blockchain security firm Arkham. It is important to note that while these movements represent a significant portion of the stolen funds, they still constitute only 1.2% of the total $41 million that was originally pilfered by the hackers.
The breach itself was executed by gaining access to the private key of Stake’s Binance Smart Chain and Ethereum hot wallets, marking a concerning breach of security on September 4. In a twist to the tale, the United States Federal Bureau of Investigation has pointed to North Korea’s Lazarus Group as the likely culprit behind the exploit.
Crypto scams alarming trend
This latest development contributes to an alarming trend in the cryptocurrency industry, as malicious actors continue to plague the space with hacks and scams. In 2023 alone, these incidents have resulted in losses well exceeding the billion-dollar mark, with the Stake hack adding to this grim tally.
CertiK had previously reported the total losses from cryptocurrency-related incidents to be nearly $997 million by the end of August. However, the recent wave of attacks in September is expected to push this figure over the significant milestone of $1 billion.
Among the notable incidents this month was a phishing attack on September 6, in which a cryptocurrency whale lost a staggering $24 million worth of staked Ether (ETH). Additionally, on September 9, the Twitter account of Ethereum co-founder Vitalik Buterin, known as “Vitalik Buterin’s X,” was compromised. The hacker then lured several victims into a nonfungible token (NFT) scam, resulting in losses totaling $691,000.
These three incidents alone are set to elevate CertiK’s August figure to a minimum of $1.04 billion in cryptocurrency losses. Other recent events in the cryptocurrency space include the Pepe (PEPE) coin’s withdrawal incident, which incurred losses of $13.2 million, an exploit involving Exactly Protocol that resulted in $7.3 million in losses, and the exposure of a security vulnerability on the Balancer platform, causing $2.1 million in damages.