The Federal Bureau of Investigation (FBI) has announced that the recent $41 million hack of crypto gambling site Stake was carried out by the North Korean cybercrime group Lazarus. This group has already stolen more than $200 million in cryptocurrency this year.
The cyberattack on crypto gambling platform Stake
Stake, a popular platform offering casino games and sports betting with cryptocurrency, fell victim to a cyberattack on September 4. The hacker managed to drain over $41 million worth of cryptocurrency from the platform's hot wallets. However, the Stake team reassured users that only a small percentage of funds were obtained and that users would not be affected.
The FBI's investigation and conclusions
On September 7, the FBI released a statement revealing that it had conducted an investigation and determined that the attack was carried out by the Lazarus Group. This notorious cybercrime organization is thought to be associated with the Democratic People’s Republic of Korea (DPRK), also known as "North Korea."
Stolen funds and advice for crypto protocols and businesses
In its statement, the FBI listed the addresses where the stolen funds are now held, which exist on the Bitcoin, Ethereum, BNB Smart Chain, and Polygon networks. The agency advised all crypto protocols and businesses to review the addresses used in the hack and avoid transacting with them. The FBI recommended vigilance in guarding against transactions directly with, or derived from, those addresses.
Lazarus Group's track record of cybercrime
The FBI not only linked Lazarus Group to the Stake hack but also to several other major cyberattacks. The agency stated that the group was responsible for the Alphapo, CoinsPaid, and Atomic Wallet hacks, with losses from all of these incidents totaling over $200 million. Alphapo, a payment processor, suffered suspicious withdrawals amounting to over $65 million on July 23. CoinsPaid, another payments firm, lost over $37 million through social engineering in late July. In June, users of Atomic Wallet lost a staggering $100 million through an unknown exploit.
