On September 4th, at 9:28 pm UTC, the crypto betting platform Stake resumed its deposit and withdrawal services only five hours after a reported $40 million exploit.
The incident began with multiple unusual transactions on Monday morning Eastern Time, with approximately $16 million in Ethereum, Tether, USD Coin, and DAI leaving the platform, as Web3 security firm Cyvers noted.
The attacker initiated the first transaction at 12:48 pm UTC, transferring around $3.9 million worth of Tether from Stake to their account.
Subsequently, two more transactions moved over 6,000 Ether, equivalent to approximately $9.8 million at current prices.
Over the following minutes, the attacker continued to drain tokens, including about $1 million in USD Coin, $900,000 worth of Dai, and 333 Stake Classic (STAKE) tokens, totaling $75. This accounted for the initial $15.7 million loss on the Ethereum network.
An additional $25 million was siphoned off of Binance Smart Chain and Polygon, according to crypto investigator ZachXBT.
Blockchain security firm Beosin estimated the total loss at $41.35 million, encompassing $15.7 million on Ethereum, $7.8 million on Polygon, and another $17.8 million from Binance Smart Chain.
Peckshield, another blockchain security firm, raised suspicions about the transfers if the platform was not undergoing maintenance.
Stake.com later confirmed that the wallet transfers were "unauthorized," signifying a breach of the company's wallet security. The company assured users that their funds remained safe and that it had investigated the incident.
Stake's billionaire founder, Ed Craven, stated on Twitter that “Stake keeps a small portion of its crypto reserves in hot wallets at any given moment for these very reasons.” He added that
Read more on cryptonews.com