KEY POINTS
- Cyvers flagged that around $16 million in stablecoins were converted to Ethereum
- On-chain sleuth ZachXBT noted that around $40 million has been siphoned on Ethereum, Polygon and BNB Smart Chain networks
- Etherescan flagged the address involved in moving the funds, which was believed to be a hack
Ethereum-based crypto betting platform Stake halted its withdrawals for four hours, before resuming its operations after news broke that $40 million funds were reportedly drained from its account due to a hack.
Stake, which is a cryptocurrency-based betting platform where users can place wagers on games or sports, did not acknowledge that funds left its coffers or a hack was made in its announcement, but rather downplayed it as “unauthorized transactions” and claimed that “user funds are safe.”
“Three hours ago, unauthorized tx’s were made from Stake’s ETH/BSC hot wallets. We are investigating and will get the wallets up as soon as they’re completely re-secured. User funds are safe. BTC, LTC, XRP, EOS, TRX + all other wallets remain fully operational,” the platform said in its official announcement on X.
Stake’s statement surfaced after several blockchain security firms reported suspicious movements of significant funds on its platform.
Cyvers was the first to tweet about the movement of funds, flagging that around $16 million in stablecoins were converted to Ethereum (ETH).
“Our AI-powered system has detected multiple suspicious transactions with @Stake. https://etherscan.io/address/0x3130662aece32f05753d00a7b95c0444150bcd3c address received about $16M in $ETH $USDC $USDT and $DAI. All the stablecoins are converted to $ETH and distributed to different EOAs,” the tweet read.
Blockchain security firm Peckshield also tweeted a similar alert, tagging Stake and telling them that they “may want to take a look.”
On-chain sleuth ZachXBT, in his response to Peckshield’s tweet, noted around $40 million has been siphoned on Ethereum, Polygon and BNB Smart Chain networks, consisting of “~$15.7M” and “Another $25.6M.”
Following the reports, Etherescan, the Ethereum blockchain explorer, flagged the address involved in moving the funds, which was believed to be a hack, and labeled it as “Stake.com Hacker.”
Four hours after making its first announcement, Stake said, “All services have resumed! Deposits & withdrawals are processing instantly for all currencies,” adding, “We apologize for any inconvenience.”
The platform also launched a user compensation initiative because of the incident.
“Due to the recent Stake exploit, Stake is issuing a temporary user compensation distribution to all users to users to restore market sentiment. All users who have interacted with Stake and its affiliates are eligible to claim,” the crypto-betting platform said in its latest tweet.
It is not the first time that crypto gambling sites have been attacked by malicious actors.
In July, Alphapo, a payments provider for various crypto gambling sites like Ignition, Bovada and Hyperdrop, suffered $31 million in suspicious withdrawals.