Always moving forward: Reflections on the recent Stake.com exploit

Ed Craven
3 min read · Sep 7, 2023

A few days ago, as many of you would have likely seen, Stake.com had to respond to an external exploit which targeted our ETH/BSC hot wallets through unauthorised transactions. Unfortunately, it appears to be the latest in a string of such exploits that have occurred over recent months targeting operations and businesses just like ours.

Now that the dust has settled and we are fully back up and running, I wanted to update our players on what we know about the events and crucially what we have learned so far.

I should stress that our in-depth investigation is still ongoing and that what follows are our preliminary findings concerning this sophisticated attack:

· Within 20 minutes of the unauthorised transactions occurring, the incident was spotted and reported internally.

· Our incident response team moved to immediately focus on identifying and discovering the source of the sophisticated unauthorised activity. This included implementing necessary containment measures such as disabling the malicious component responsible for the intrusion. All of this was done within 4 hours.

· Your personal data remains secure — there is no sign that the attackers accessed or had access to any personally identifiable information of any user. All network activity has been securely logged and we therefore have a clear picture of all attacker activity.

· At no stage were any user funds ever compromised. Only a small portion of Stake’s bankroll to support large winning customers was affected.

· For users who sent ETH/BSC during that time, we moved to credit these funds as soon as possible. During the exploit, BTC, LTC, XRP, EOS, TRX and all other wallets remained fully operational.

· Once our team was completely satisfied that the incident was contained and that the malicious component was removed, normal operations were once more brought online.

· Two affected games impacted by the malicious component remain disabled during our investigation.

· We are collaborating with various law enforcement agencies. The FBI have attributed the attack to North Korean hackers known as Lazarus Group who are responsible for a number of previous attacks.

It should be noted that the FBI has encouraged private sector entities to review the previously released Cyber Security Advisory on TraderTraitor and examine the blockchain data associated with the above-referenced virtual currency addresses and be vigilant in guarding against transactions directly with, or derived from, those addresses.

Player safety is always our utmost priority at Stake, so as soon as we learned about the exploit, we took all necessary measures to protect our customers. We knew it was essential to keep our players updated throughout the process especially as we gathered more information about the attack.

While such events are rare (especially owing to our advanced security measures in place), they can unfortunately happen to any company regardless of their size. Cyber threats are a real risk in our tech-driven world and are only continuing to grow over time.

As a major company, we continue to invest in our cyber security all the time as we know it is essential to adapt quickly to emerging threats. Nonetheless, this recent event proved that no-one is immune from malicious exploits from external actors.

Aside from active security measures in place, Stake always keeps a small portion of our crypto reserves in hot wallets at any given moment for these precise events.

Unfortunately, during this event, we saw a number of fake accounts posting on X (formerly Twitter) offering refunds through malicious phishing links and providing fake updates throughout the event. I would always urge fans to follow our official channels (https://twitter.com/Stake) and my own handle (https://twitter.com/StakeEddie) for live updates.

On behalf of the entire Stake team, I thank all our fans and our engaged community for both their support and response to the events. Together with law enforcement agencies, our investigation into the events remains ongoing, but due to the immediate protective measures we implemented, Stake remains an incredibly safe platform for all players.

What is for certain is that we will continue investing in Stake’s security in order to protect our ever growing, dedicated player base.

We’ll be releasing a more technical breakdown of how the exploit unfolded in the near future in order to help other companies protect against the same type of attack.

Ed.
