In a revelation that has sent shockwaves through the cryptocurrency community, the Federal Bureau of Investigation (FBI) has identified the Lazarus Group, a notorious North Korean hacker collective, as the perpetrator of the recent $41 million theft from Stake.com.
The online crypto casino, which had already been grappling with a security breach involving suspicious outflows, found itself at the center of a more significant crisis on September 4, 2023. According to the FBI, the Lazarus Group, also known as APT38, orchestrated the heist, moving the stolen funds across multiple blockchain networks, including Ethereum, Binance Smart Chain, and Polygon.
A year of unprecedented cybercrime: Lazarus Group’s trail of theft
The Stake.com incident is not an isolated event but part of a series of cryptocurrency heists executed by the Lazarus Group in 2023. The group has been responsible for pilfering over $200 million in various cryptocurrency thefts this year alone.
Notable among these are the thefts of approximately $60 million from Alphapo and CoinsPaid on July 22 and of around $100 million from Atomic Wallet on June 2. The FBI’s investigation has unveiled a web of illicit activities, highlighting the urgency for enhanced cybersecurity measures and international cooperation to combat such cybercrimes.
The aftermath: Sanctions and cybersecurity advisories
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) had already imposed sanctions on the Lazarus Group in 2019. However, this has not deterred the group from continuing its illicit activities. The FBI has also issued a cybersecurity advisory urging caution, particularly for private sector entities that might be exposed to transactions made directly with, or derived from, the addresses associated with the stolen funds.
Founded in 2017, Stake.com rapidly became the largest online crypto casino, focusing primarily on sports betting and casino games like blackjack, roulette, and slots. The platform distinguishes itself by exclusively using cryptocurrencies for transactions, supporting 18 cryptocurrencies, including Bitcoin, Ethereum, Dogecoin, and Ripple. The heist marks another chapter in the ongoing saga of cybercrime, emphasizing the need for robust cybersecurity infrastructures.